IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Labcenter Proteus 9

HIGH
CVSS 7.8
Date 2026-07-07T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of these vulnerabilities could disclose information and allow a malicious user to execute arbitrary code on affected installations.

// Vulnerabilities (3)

CVE ID CVSS Score Severity Description
CVE-2026-42958 7.8 high
The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.
CVE-2026-49033 7.8 high
The application contains a stack-based buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code.
CVE-2026-42953 7.8 high
The application contains an out-of-bounds write vulnerability that can be exploited by an attacker to cause the program to write data past the end of an allocated memory buffer. This can lead to arbitrary code execution.

// Remediations (2)

Patch: Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version ca
Labcenter recommends ensuring you are using the latest version (9.2 SPO) of the software. Version can be found by looking at the bottom left of the Proteus home page (Version 8 or higher) or by selecting the About ISIS or About ARES option from the Help menu. Update notifications appear in the new and information section of the home page where you can activate the download and installation directly.
Mitigation: If you have questions or need help please contact Labcenter or your local distributor.
If you have questions or need help please contact Labcenter or your local distributor.

// References