HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Out-of-Bounds Read (CVE-2026-12897) in Horner Automation Cscape Enables Arbitrary Code Execution

CVE‑2026‑12897 affects Horner Automation Cscape versions prior to 10.2 SP3, allowing a local attacker to read memory and execute arbitrary code. The vulnerability scores 7.8 (CVSS v3) and has a public fix. For SOC 2‑aligned organizations, the issue underscores the need for robust patch‑management controls and continuous evidence of remediation.

LiveThreat™ Intelligence · 📅 June 25, 2026· 📰 cisa.gov
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
cisa.gov

Out-of-Bounds Read (CVE‑2026‑12897) in Horner Automation Cscape Enables Arbitrary Code Execution

What It Is — Horner Automation’s Cscape industrial‑control software versions prior to 10.2 SP3 contain an out‑of‑bounds read vulnerability (CVE‑2026‑12897) that can be triggered by parsing a crafted CSP file. Successful exploitation may disclose sensitive information and allow arbitrary code execution on the affected system.

Exploitability — The flaw scores 7.8 (CVSS v3) and is exploitable by a local attacker; proof‑of‑concept code has been observed in the wild.

Affected Products — Horner Automation Cscape < 10.2 SP3 (deployed worldwide, primarily in critical manufacturing environments).

Why It Matters for Compliance & Audit Readiness

  • Control mapping – The vulnerability exposes a gap in configuration‑ and patch‑management controls that map to SOC 2 Security Principle CC6.1 (change management).
  • Continuous evidence – Demonstrating timely patch deployment and retaining verification logs creates audit‑ready evidence of due diligence.
  • Enterprise buyer expectations – Customers increasingly require proof that OT assets are covered by documented, continuously monitored controls before signing contracts.

Recommended Actions

  • Deploy Horner Automation Cscape 10.2 SP3 immediately.
  • Verify patch installation across all OT assets using automated configuration‑management tools.
  • Update your SOC 2 control inventory to reflect the patched state and capture screenshots or logs as evidence.
  • Document the remediation process in your incident‑response and change‑management records.

Source: CISA Advisory – ICSA‑26‑176‑03

📰 Original Source
https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-03

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →