Horner Automation Cscape CVE-2018-19005 Remote Code Execution Vulnerability

Bugtraq ID:	106275
Class:	Input Validation Error
CVE:	CVE-2018-19005
Remote:	Yes
Local:	No
Published:	Dec 20 2018 12:00AM
Updated:	Dec 20 2018 12:00AM
Credit:	rgod and mdm from 9SG Security Team.
Vulnerable:	Horner Automation Cscape 9.80.75.3 SP3 Horner Automation Cscape 9.80.75.3 Horner Automation Cscape 9.3 Horner Automation Cscape 9.0 Horner Automation Cscape 8.0 Horner Automation Cscape 4
Not Vulnerable:	Horner Automation Cscape 9.80 SP4

Horner Automation Cscape CVE-2018-19005 Remote Code Execution Vulnerability

Horner Automation Cscape is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Horner Automation Cscape 9.80.75.3 SP3 and prior versions are vulnerable.

Horner Automation Cscape CVE-2018-19005 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Horner Automation Cscape CVE-2018-19005 Remote Code Execution Vulnerability

References:

• Horner Automation Cscape Product Page (Horner Automation)
  
• Horner Automation Home Page (Horner Automation)
  
• Advisory (ICSA-18-354-01) (ICS-CERT)