Description
Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.
Published: 2026-06-25
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE describes an out-of-bounds read in Horner Automation Cscape triggered when the software parses CSP configuration files. An attacker who can provide a malicious CSP file could read memory beyond the intended buffer, exposing confidential information and, according to the vendor’s advisory, potentially enabling arbitrary code execution. The flaw is classified as CWE-125.

Affected Systems

All users of Horner Automation Cscape running any version earlier than 10.2 SP3 are affected. The vendor has released the 10.2 SP3 update to fix the vulnerability.

Risk and Exploitability

The CVSS v3.1 score of 8.4 indicates a high severity level. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. Successful exploitation requires the ability to provide a specially crafted CSP file to the vulnerable Cscape instance; no additional conditions are documented in the CVE description.

Generated by OpenCVE AI on June 25, 2026 at 20:23 UTC.

Remediation

Vendor Solution

Horner Automation has released Cscape 10.2 SP3 for users to download. For more information, see the Cscape 10.2 SP3 release notes (https://hornerautomation.com/cscape-software-free/cscape-software/).


OpenCVE Recommended Actions

  • Download and install Cscape 10.2 SP3 from the vendor’s website.
  • Restrict read/write access on the CSP file directory to trusted administrators.
  • Validate or whitelist CSP files before parsing, or avoid loading untrusted configuration files.


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Hornerautomation; Hornerautomation cscape |
| Vendors & Products | | Hornerautomation; Hornerautomation cscape |

Thu, 25 Jun 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 25 Jun 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. |
| Title | | Out-of-bounds read in Horner Automation Cscape |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV4_0 {'score': 8.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-25T18:31:40.351Z

Reserved: 2026-06-22T13:32:43.685Z

Link: CVE-2026-12897

Vulnrichment

Updated: 2026-06-25T18:31:36.013Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T21:15:05Z

Weaknesses