CVE-2023-27858

27.10.2023, 19:15

Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
rockwellautomation	arena	𝑥 < 16.20.02

𝑥

= Vulnerable software versions

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
rockwellautomation	arena_simulation	𝑥 < 16.20.02	ADP

Common Weakness Enumeration

CWE-824 - Access of Uninitialized Pointer
The program accesses or uses a pointer that has not been initialized.

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145