PatchSiren cyber security CVE debrief
CVE-2025-4098 Horner Automation CVE debrief
CVE-2025-4098 is a high-severity vulnerability affecting Horner Automation Cscape version 10.0 (10.0.415.2) SP1. CISA’s advisory says the issue is an out-of-bounds read that could allow an attacker to disclose information and execute arbitrary code on affected installations. The advisory was published on 2025-05-08, and the vendor has released Cscape 10.1 SP1 as the fixed version.
- Vendor
- Horner Automation
- Product
- Cscape
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-05-08
- Original CVE updated
- 2025-05-08
- Advisory published
- 2025-05-08
- Advisory updated
- 2025-05-08
Who should care
OT security teams, engineering workstation owners, industrial control system administrators, and anyone running Horner Automation Cscape 10.0 (10.0.415.2) SP1 should treat this as a priority patch issue.
Technical summary
The advisory describes an out-of-bounds read in Horner Automation Cscape 10.0 (10.0.415.2) SP1. The supplied CVSS v3.1 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local attack conditions with user interaction required and potential impact to confidentiality, integrity, and availability. The source material states the flaw may permit information disclosure and arbitrary code execution. CISA lists a vendor fix: Cscape version 10.1 SP1.
Defensive priority
High. The combination of ICS software, a high CVSS score of 7.8, potential arbitrary code execution, and the availability of a vendor fix makes remediation important for exposed engineering or operator environments.
Recommended defensive actions
- Upgrade Horner Automation Cscape to version 10.1 SP1 or later as provided by the vendor.
- Prioritize systems running Cscape 10.0 (10.0.415.2) SP1 for inventory and remediation verification.
- Restrict access to engineering workstations and limit who can open or process untrusted project files on affected systems.
- Apply least privilege and standard ICS hardening practices on hosts that use Cscape.
- Review Horner Automation release notes and CISA recommended practices before and after patching.
- Validate backups and recovery procedures for affected engineering environments before making changes.
Evidence notes
All core claims are taken from the supplied CISA CSAF advisory for ICSA-25-128-01 and the embedded vendor remediation notes. The advisory identifies the affected product as Horner Automation Cscape version 10.0 (10.0.415.2) SP1, describes the issue as an out-of-bounds read, and states that it could allow information disclosure and arbitrary code execution. The remediation field states that Horner Automation has released Cscape version 10.1 SP1. No KEV listing was provided in the source corpus.
Official resources
-
CVE-2025-4098 CVE record
CVE.org
-
CVE-2025-4098 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
Publicly disclosed in the CISA ICS advisory ICSA-25-128-01 on 2025-05-08. The source corpus does not indicate KEV inclusion or ransomware campaign association.