You are here

Horner Automation Cscape (ICSA-18-354-01)

Horner Automation Cscape (ICSA-18-354-01)

Created: Friday, December 21, 2018 - 13:12
Categories:
Cybersecurity

The NCCIC has published an advisory on an improper input validation vulnerability in Horner Automation Cscape. Versions 9.80.75.3 SP3 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read confidential information, and may allow an attacker to remotely execute arbitrary code. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.80 SP4). The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.