Horner Automation Cscape
View CSAF Summary Successful exploitation of this vulnerability could allow a local attacker to disclose information and execute arbitrary code. The following versions of Horner Automation Cscape are affected: Cscape <10.2_SP3 CVSS Vendor Equipment Vulnerabilities v3 7.8 Horner Automation Horner Automation Cscape Out-of-bounds Read Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: United States Vulnerabilities Expand All + CVE-2026-12897 Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. View CVE Details Affected Products Horner Automation Cscape Vendor: Horner Automation Product Version: Horner Automation Cscape: <10.2_SP3 Product Status: known_affected Remediations Vendor fix Horner Automation has released Cscape 10.2 SP3 for users to download. Vendor fix For more information, see the Cscape 10.2 SP3 release notes (https://hornerautomation.com/cscape-software-free/cscape-software/). https://hornerautomation.com/cscape-software-free/cscape-software/ Relevant CWE: CWE-125 Out-of-bounds Read Metrics CVSS Version Base Score Base Severity Vector String 3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 4.0 8.4 HIGH CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Acknowledgments Michael Heinzl reported this vulnerability to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the intern
CSIRTS triage
- What
- A vulnerability could allow a local attacker to disclose information and execute arbitrary code.
- Who is affected
- Users of Horner Automation Cscape versions prior to 10.2 SP3.
- Urgency
- Critical urgency due to the severity of the vulnerabilities.
- Action
- Upgrade to Cscape version 10.2 SP3 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Cscape
Get an email when a new Cscape advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-03
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-128970.13% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 3% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-12897 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- criticalSiemens SINEC OS2026-07-07