Out-of-Bounds Read (CVE‑2026‑12897) in Horner Automation Cscape Enables Arbitrary Code Execution
What It Is — Horner Automation’s Cscape industrial‑control software versions prior to 10.2 SP3 contain an out‑of‑bounds read vulnerability (CVE‑2026‑12897) that can be triggered by parsing a crafted CSP file. Successful exploitation may disclose sensitive information and allow arbitrary code execution on the affected system.
Exploitability — The flaw scores 7.8 (CVSS v3) and is exploitable by a local attacker; proof‑of‑concept code has been observed in the wild.
Affected Products — Horner Automation Cscape < 10.2 SP3 (deployed worldwide, primarily in critical manufacturing environments).
Why It Matters for Compliance & Audit Readiness
- Control mapping – The vulnerability exposes a gap in configuration‑ and patch‑management controls that map to SOC 2 Security Principle CC6.1 (change management).
- Continuous evidence – Demonstrating timely patch deployment and retaining verification logs creates audit‑ready evidence of due diligence.
- Enterprise buyer expectations – Customers increasingly require proof that OT assets are covered by documented, continuously monitored controls before signing contracts.
Recommended Actions
- Deploy Horner Automation Cscape 10.2 SP3 immediately.
- Verify patch installation across all OT assets using automated configuration‑management tools.
- Update your SOC 2 control inventory to reflect the patched state and capture screenshots or logs as evidence.
- Document the remediation process in your incident‑response and change‑management records.
Source: CISA Advisory – ICSA‑26‑176‑03