Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
CVE-2023-27858
7.8 HIGH
Summary
Rockwell Automation Arena Simulation is susceptible to an arbitrary code execution vulnerability, which enables malicious users to exploit an uninitialized pointer within the application. This vulnerability could lead to unauthorized code execution if a user inadvertently opens a maliciously crafted file. Once executed, the code can compromise the system's confidentiality, integrity, and availability, significantly impacting the usability and security of the product.
Affected Version(s)
Arena Simulation: All versions before the 16.20.02 Patch
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
These vulnerabilities were reported to Rockwell Automation by Michael Heinzl.