CVE-2023-27858
Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 0
Exploited in Wild: -
Decision
Descriptions
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2023-03-06 CVE Reserved
- 2023-10-27 CVE Published
- 2023-11-08 EPSS Updated
- 2024-09-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
- CAPEC-100: Overflow Buffers
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Rockwellautomation | Arena Simulation | < 16.20.02 | - | Affected |