CVE-2026-12897
Horner Automation · Cscape
Horner Automation Cscape versions prior to 10 are vulnerable to a high-severity security flaw potentially allowing unauthorized access.
Executive summary
Horner Automation Cscape versions prior to 10 are susceptible to a high-severity vulnerability that poses a risk of unauthorized system access.
Vulnerability
This vulnerability affects Cscape versions prior to 10; administrators should assume a high risk of exploitation until official patches are applied and verified.
Business impact
The CVSS score of 8.4 indicates a high level of risk, particularly for industrial control environments relying on Cscape. Compromise of this software could allow attackers to manipulate automation processes or gain unauthorized access to the underlying host, leading to operational downtime or critical safety risks.
Remediation
Immediate Action: Update all Cscape installations to version 10 or the latest version recommended by Horner Automation.
Proactive Monitoring: Monitor industrial network traffic for unexpected communication or command execution attempts directed at the Cscape host.
Compensating Controls: Implement strict network segmentation to isolate Cscape workstations from untrusted networks, significantly reducing the attack surface.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the critical nature of automation software, this vulnerability must be addressed urgently. Organizations should coordinate with their ICS/OT security teams and apply the necessary updates during the next scheduled maintenance window, mitigating the risk of unauthorized system manipulation.