CVE-2023-31244

Summary

The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer.

Affected Software

VendorProductVersion RangeStatus
Horner AutomationCscapev9.90 SP8affected
Horner AutomationCscape EnvisionRVv4.70affected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References