CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27858 – Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2023-27858
27 Oct 2023 — Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Rockwell Automation Arena Simulation ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27854 – Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-27854
27 Oct 2023 — An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Se informó a Rockwell Automation en ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29462 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29462
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29461 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29461
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29460 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29460
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to expl... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13519 – Rockwell Automation Arena Simulation DOE File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13519
09 Sep 2019 — A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. Un archivo de programa creado con fines maliciosos abierto por parte de un usuario desprevenido de Rockwell Automation Arena Simulation Software versión 16.00.00... • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13521 – Rockwell Automation Arena Simulation DOE File Insufficient UI Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13521
09 Sep 2019 — A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. Un archivo de programa diseñado con fines maliciosos abierto por parte de un usuario desprevenido de Rockwell Automation Arena Simulation Software versión 16.00.... • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 • CWE-357: Insufficient UI Warning of Dangerous Operations •