CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27858 – Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2023-27858
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Rockwell Automation Arena Simulation contiene una vulnerabilidad de ejecución de código arbitrario que podría permitir que un usuario malintencionado envíe código no autorizado al software mediante el uso de un puntero no inicializado en la aplicación. El actor de la amenaza podría entonces ejecutar código malicioso en el sistema afectando la confidencialidad, integridad y disponibilidad del producto. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27854 – Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-27854
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Se informó a Rockwell Automation en Arena Simulation de una vulnerabilidad de ejecución de código arbitrario que potencialmente podría permitir que un usuario malintencionado envíe código arbitrario no autorizado al software mediante el uso de un desbordamiento del búfer de memoria. El actor de la amenaza podría entonces ejecutar código malicioso en el sistema afectando la confidencialidad, integridad y disponibilidad del producto. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29462 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29462
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-10 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29461 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29461
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29460 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29460
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •