CVE-2023-29503

Summary

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected Software

VendorProductVersion RangeStatus
Horner AutomationCscapev9.90 SP8affected
Horner AutomationCscape EnvisionRVv4.70affected

Weaknesses

  • CWE-121: CWE-121 STACK-BASED BUFFER OVERFLOW

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References