CVE-2021-32975

7.8 HIGH

📋 TL;DR

CVE-2021-32975 is an out-of-bounds read vulnerability in Cscape software that could allow remote code execution when parsing malicious project files. Attackers could exploit this to execute arbitrary code with the privileges of the current user. All Cscape versions prior to 9.90 SP5 are affected.

💻 Affected Systems

Products:
  • Cscape
Versions: All versions prior to 9.90 SP5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Cscape software used for programming and configuring Eaton's C-more and ELC soft PLCs in industrial environments.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment on affected systems.

🟠 Likely Case: Local privilege escalation or denial of service through application crashes when processing malicious project files.

🟢 If Mitigated: Limited impact with proper network segmentation and file validation controls in place.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious project files, but could be delivered via phishing or compromised websites.
🏢 Internal Only: HIGH - Industrial control systems using Cscape are often critical infrastructure with limited security controls.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious project files. No public exploits were available at advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.90 SP5 and later

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-21-224-02

Restart Required: Yes

Instructions:

1. Download Cscape version 9.90 SP5 or later from Eaton's official website.
2. Run the installer with administrative privileges.
3. Follow installation prompts.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

  • Restrict project file sources (all): Only open project files from trusted sources and implement file validation procedures.
  • Network segmentation (all): Isolate Cscape systems from untrusted networks and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use least privilege principles and run Cscape with minimal user permissions

🔍 How to Verify

Check if Vulnerable:

Check the Cscape version via the Help > About menu. If the version is below 9.90 SP5, the system is vulnerable.

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 9.90 SP5 or higher in Help > About menu after patching.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening project files
  • Unusual process creation from Cscape executable

Network Indicators:

  • Unexpected network connections from Cscape process
  • Downloads of project files from untrusted sources

SIEM Query:

Process Creation where Image contains 'cscape.exe' AND CommandLine contains unusual parameters
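
The two log indicators above can be checked over parsed Windows events as follows. This is an added example, not part of the advisory or any vendor tooling; it assumes Sysmon Event ID 1 for process creation and Application Error Event ID 1000 for crashes, and the dict keys, allowlist and sample records are hypothetical.

```python
"""Flag the two log indicators above in already-parsed Windows event records.

Assumptions: process creation comes from Sysmon Event ID 1 (Image, ParentImage)
and crashes from Application Error Event ID 1000; the dict keys are hypothetical.
"""
import ntpath

CSCAPE_EXE = "cscape.exe"  # executable name as written in the SIEM query above
EXPECTED_CHILDREN = frozenset()  # hypothetical allowlist, fill from your baseline


def _basename(path):
    # ntpath splits backslash-separated Windows paths on any host OS.
    return ntpath.basename(path or "").lower()


def classify(event, expected_children=EXPECTED_CHILDREN):
    """Return an alert string for one event, or None if it matches nothing."""
    provider, eid = event.get("Provider"), event.get("EventID")
    if provider == "Microsoft-Windows-Sysmon" and eid == 1:
        # Indicator: process creation *from* Cscape, so match the parent image.
        if _basename(event.get("ParentImage")) == CSCAPE_EXE:
            child = _basename(event.get("Image"))
            if child not in expected_children:
                return f"child process from Cscape: {child}"
    elif provider == "Application Error" and eid == 1000:
        # Indicator: application crash; "Application" holds the faulting exe.
        if _basename(event.get("Application")) == CSCAPE_EXE:
            return "Cscape crash"
    return None


def scan(events, expected_children=EXPECTED_CHILDREN):
    """Return (index, alert) pairs for every event that matches an indicator."""
    alerts = ((i, classify(e, expected_children)) for i, e in enumerate(events))
    return [(i, a) for i, a in alerts if a is not None]


# Constructed sample records (paths are made up, not real telemetry).
SAMPLE_EVENTS = [
    {"Provider": "Microsoft-Windows-Sysmon", "EventID": 1,
     "Image": r"C:\Apps\Cscape\Cscape.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Provider": "Application Error", "EventID": 1000, "Application": "Cscape.exe"},
    {"Provider": "Microsoft-Windows-Sysmon", "EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Apps\Cscape\Cscape.exe"},
    {"Provider": "Microsoft-Windows-Sysmon", "EventID": 1,
     "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]
```

Matching on the parent image catches processes spawned by Cscape, whereas a filter on `Image` alone only records Cscape itself starting.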
