Horner Automation Cscape

HIGH

CVSS 7.8

Date 2026-06-25T06:00:00+00:00

Source cisa-csaf

Published by CISA

// Description

Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code.

CVE ID	CVSS Score	Severity	Description
CVE-2026-12897	7.8	high	Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.

Patch: For more information, see the Cscape 10.2 SP3 release notes (https://hornerautomation.com/cscape-sof

For more information, see the Cscape 10.2 SP3 release notes (https://hornerautomation.com/cscape-software-free/cscape-software/).

Patch: Horner Automation has released Cscape 10.2 SP3 for users to download.

Horner Automation has released Cscape 10.2 SP3 for users to download.