The Broadside · ICS-OT · Regulator News · 1 min read

CISA flags CVE-2026-12897 in Horner Automation Cscape

Operators get a vendor fix today, while exposure still depends on workstation hygiene and network segmentation.


TL;DR

CISA disclosed CVE-2026-12897, a high-severity out-of-bounds read in Horner Automation Cscape versions before 10.2 SP3. The flaw affects Critical Manufacturing environments, including defense-industrial-base operators using Cscape, and can let a local attacker disclose information and execute arbitrary code. Horner has released Cscape 10.2 SP3. CISA says it has no reports of public exploitation and the vulnerability is not remotely exploitable.

Patch Cscape engineering workstations before treating this as another advisory to file. CISA says CVE-2026-12897 affects Horner Automation Cscape versions before 10.2 SP3 and can be triggered through CSP file parsing, allowing information disclosure and arbitrary code execution by a local attacker. Horner has released Cscape 10.2 SP3. For operators in Critical Manufacturing and adjacent defense supply chains, the work is straightforward: update the software, limit network exposure for control system assets, keep control networks segmented from business networks, and review remote-access paths. CISA reports no known public exploitation and says the flaw is not remotely exploitable, which lowers urgency. It does not eliminate the need to close the workstation path where malicious project files get opened.


Published · Deep Fathom