CVE-2021-22678
23.04.2021, 18:15
Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.Enginsight
| Vendor | Product | Version |
|---|---|---|
| hornerautomation | cscape | 𝑥 < 9.90 |
| hornerautomation | cscape | 9.90 |
| hornerautomation | cscape | 9.90:sp1 |
| hornerautomation | cscape | 9.90:sp2 |
| hornerautomation | cscape | 9.90:sp3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.