CVE-2023-29460
Published 2023-05-09
Priority P3 · 55 · critical · 9.8 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.85% (53.5th percentile)
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | arena_simulation | 16.00 – 16.20 | — |
| rockwellautomation | arena | — | — |
| rockwellautomation | arena | — | — |
CISA ICS
Rockwell Automation Arena Simulation Software
cisa_ics·2023-05-11·CVSS 7.8
[HIGH] Rockwell Automation Arena Simulation Software
ICS Advisory
## Rockwell Automation Arena Simulation Software
Release Date: May 11, 2023
Alert Code: ICSA-23-131-10
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: Arena Simulation Software
- Vulnerabilities: Incorrect Restriction of Operations within the Bounds of a Memory Buffer
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a malicious user to commit unauthorized arbitrary code to the software using a memory buffer overflow.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Rockwell Automation product is affected:
- Arena Simulation Software: v16.20.01
## 3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT RESTRICTION OF OPERATIONS WITHIN THE BOU
GHSA
GHSA-9fwp-w4qx-7qpq: An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a mal
ghsa_unreviewed·2023-07-06
CVE-2023-29460 [CRITICAL] CWE-125 GHSA-9fwp-w4qx-7qpq: An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a mal
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.