Horner Automation Cscape (ICSA-19-050-03)

The NCCIC has published an advisory on an improper input validation vulnerability in Horner Automation Cscape. Versions 9.80 SP4 and and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, which may allow the attacker to read confidential information and remotely execute arbitrary code. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.90). The NCCIC also advises on a series of mitigating measures for these vulnerabilities. Read the advisory at NCCIC/ICS-CERT.