High-severity bugs identified in Horner PLC software

Malicious font files could be leveraged to abuse seven high-severity remote code execution flaws in Horner Automation's Cscape programmable logic controller software, which is being widely used in the critical manufacturing industry, according to SecurityWeek. All of the Cscape vulnerabilities were identified by researcher Michael Keinzl, who noted that the bugs were out-of-bounds read/write, heap-based buffer overflow, and uninitialized pointer concerns involving improper user-supplied data validation during the app's font parsing stage. Threat actors could abuse the flaws to facilitate arbitrary code execution through lures involving the opening of a specially crafted font file. Such an action would enable the execution of attacker code with user privileges, said Keinzl, who has also discovered security vulnerabilities in Elcomplus industrial products, Omron's CX-Programmer PLC programming software, Delta Electronics' DIAEnergie industrial energy management system, Fuji Electric's Tellus factory monitoring and operating offering, and mySCADA's myPRO HMI/SCADA tool. Horner has already addressed all of the vulnerabilities, noted the Cybersecurity and Infrastructure Security Agency.