CVE-2023-29462 — HIGH (7.8)

Vulnerability Description

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rockwellautomation	Arena	16.00.00

Related Weaknesses (CWE)

CWE-787

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391Broken Link
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-10Third Party AdvisoryUS Government Resource
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391Broken Link

FAQ

What is CVE-2023-29462?

CVE-2023-29462 is a vulnerability with a CVSS score of 7.8 (HIGH). An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code ...

How severe is CVE-2023-29462?

CVE-2023-29462 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-29462?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Arena.