Input validation error in Cscape - CVE-2019-6555

 


Published: February 20, 2019


Vulnerability identifier: #VU17785
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2019-6555
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Horner Automation
Affected software: Cscape

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into processing specially crafted POC files and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


How to mitigate CVE-2019-6555

Update to version 9.90.
