PatchSiren cyber security CVE debrief
CVE-2024-12212 Horner Automation CVE debrief
CVE-2024-12212 is a high-severity vulnerability in Horner Automation Cscape, an industrial control system programming environment. Published on December 10, 2024, this vulnerability stems from improper validation during CSP file parsing, enabling out-of-bounds read conditions that can lead to arbitrary code execution. The affected versions are Cscape 10.0.363.1 and earlier. CISA issued advisory ICSA-24-345-05 on the same date as publication. The vendor has released Cscape v10 SP1 as a remediation. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Horner Automation
- Product: Cscape
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-12-10
- Original CVE updated: 2024-12-10
- Advisory published: 2024-12-10
- Advisory updated: 2024-12-10
Who should care
Organizations operating Horner Automation programmable logic controllers (PLCs) and utilizing Cscape for control system programming and configuration. This includes manufacturing facilities, water/wastewater utilities, building automation systems, and other industrial environments deploying Horner Automation solutions. Security teams responsible for OT/ICS asset management and vulnerability management programs should prioritize this update.
Technical summary
The vulnerability exists in Cscape's parsing of CSP (Control System Project) files. Insufficient validation of user-supplied data allows reads beyond the bounds of an allocated buffer. This out-of-bounds read condition can be leveraged to achieve arbitrary code execution within the context of the Cscape application. The CVSS 3.1 base score of 7.5 reflects network accessibility with low complexity, though the attack requires user interaction to open a malicious CSP file. The CVSS 4.0 vector indicates a local attack vector with user interaction required and high impact on the confidentiality, integrity, and availability of the vulnerable component.
Defensive priority
HIGH
Recommended defensive actions
- Update Cscape to v10 SP1 or later as recommended by Horner Automation
- Restrict network access to engineering workstations running Cscape to authorized personnel only
- Implement application whitelisting on hosts running Cscape to prevent execution of unauthorized binaries
- Validate integrity of CSP files obtained from external sources before opening in Cscape
- Monitor for anomalous process behavior or unexpected network connections from Cscape processes
- Apply defense-in-depth strategies for industrial control systems per CISA guidance
- Segment OT networks from IT networks to limit lateral movement opportunities
Evidence notes
The vulnerability description and remediation guidance are sourced from CISA CSAF advisory ICSA-24-345-05. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H indicates a network attack vector with low attack complexity, no privileges required, and high availability impact. The affected product version is confirmed as <=10.0.363.1. The vendor fix is identified as Cscape v10 SP1 or later.
Official resources
- CVE-2024-12212 CVE record (CVE.org)
- CVE-2024-12212 NVD detail (NVD)
- Source item URL (cisa_csaf)