Several Horner PLC Software Vulnerabilities Allow Code Execution via Malicious Font Files

A cybersecurity researcher uncovered seven high-severity remote code execution vulnerabilities in Horner Automation’s Cscape software, all of which may be exploited through malicious font files. Horner Automation is a firm established in the United States that provides solutions for industrial process and building automation. Its Cscape programmable logic controller (PLC) software allows for ladder diagram programming and the building of operator interfaces. Cscape is utilised internationally, notably in the vital industrial sector, according to the US Cybersecurity and Infrastructure Security Agency (CISA). Read More…