9.8

CVE-2023-29461

EPSS 0.69%
Veröffentlicht 09.05.2023 14:15:13
Zuletzt bearbeitet 17.12.2024 15:52:01
Quelle PSIRT@rockwellautomation.com
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. 

 potentially resulting in a complete loss of confidentiality, integrity, and availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Arena Version16.00.00

Rockwellautomation ≫ Arena Version16.20.00

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.72

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PSIRT@rockwellautomation.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-29461

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29461

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29461

EUVD