The NCCIC has published an advisory on an improper input validation vulnerability in Horner Automation Cscape. Versions 9.80.75.3 SP3 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, allow the attacker to read confidential information, and may allow an attacker to remotely execute arbitrary code. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.80 SP4). The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.
Early bird registration for H2OSecCon 2024 is now open! - REGISTER HERE