PatchSiren

Horner Automation CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Horner Automation CVE published 2026-04-16

CVE-2026-6284

CVE-2026-6284 is a critical authentication weakness affecting Horner Automation Cscape and XL4/XL7 PLC products. CISA says an attacker with network access to the PLC can brute-force passwords because of limited password complexity and the lack of password input limiters, which can lead to unauthorized access to systems and services. The published remediation is to update Cscape to v10.2 SP2 or later and i [truncated]

HIGH Horner Automation CVE published 2025-05-08

CVE-2025-4098

CVE-2025-4098 is a high-severity vulnerability affecting Horner Automation Cscape version 10.0 (10.0.415.2) SP1. CISA’s advisory says the issue is an out-of-bounds read that could allow an attacker to disclose information and execute arbitrary code on affected installations. The advisory was published on 2025-05-08, and the vendor has released Cscape 10.1 SP1 as the fixed version.

HIGH Horner Automation CVE published 2024-12-10

CVE-2024-9508

A memory corruption vulnerability in Horner Automation Cscape (versions ≤10.0.363.1) enables local attackers to disclose sensitive information and execute arbitrary code. The flaw requires local access and user interaction, with HIGH impacts to confidentiality, integrity, and availability per CVSS 3.1 scoring. CISA published this advisory on December 10, 2024, as ICSA-24-345-05. The vendor has released Cs [truncated]

HIGH Horner Automation CVE published 2024-12-10

CVE-2024-12212

CVE-2024-12212 is a high-severity vulnerability in Horner Automation Cscape, an industrial control system programming environment. Published on December 10, 2024, this vulnerability stems from improper validation during CSP file parsing, enabling out-of-bounds read conditions that can lead to arbitrary code execution. The affected versions are Cscape 10.0.363.1 and earlier. CISA issued advisory ICSA-24-34 [truncated]