8.8

CVE-2023-29462

EPSS 0.09%
Veröffentlicht 09.05.2023 14:15:13
Zuletzt bearbeitet 17.12.2024 15:52:01
Quelle PSIRT@rockwellautomation.com
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. 

 potentially resulting in a complete loss of confidentiality, integrity, and availability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Arena Version16.00.00

Rockwellautomation ≫ Arena Version16.20.01

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.248

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
PSIRT@rockwellautomation.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391

Broken Link

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-10

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-29462

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29462

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29462

EUVD