What is CVE-2023-27854?

CVE-2023-27854 is a vulnerability in Rockwell Automation Arena Simulation that allows an attacker to execute arbitrary code by exploiting a memory buffer overflow.

What is the severity of CVE-2023-27854?

The severity of CVE-2023-27854 is rated as high, with a severity value of 7.8.

Which software versions are affected by CVE-2023-27854?

CVE-2023-27854 affects Rockwell Automation Arena Simulation up to version 16.20.02.

How can CVE-2023-27854 be exploited?

CVE-2023-27854 can be exploited by a threat actor using a memory buffer overflow to execute malicious code on the system.

How can I fix CVE-2023-27854?

To fix CVE-2023-27854, it is recommended to update Rockwell Automation Arena Simulation to a version that is not affected by the vulnerability.

Vulnerability/
CVE-2023-27854

high

7.8

CWE

125 119

27/10/2023

10/9/2024

CVE-2023-27854: Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability

First published: Fri Oct 27 2023(Updated: )

An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.

Credit: PSIRT@rockwellautomation.com

Affected Software	Affected Version	How to fix
Rockwellautomation Arena Simulation	<16.20.02

Remedy

* Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch & Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .

Never miss a vulnerability like this again

Reference Links

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145

Frequently Asked Questions

What is CVE-2023-27854?
CVE-2023-27854 is a vulnerability in Rockwell Automation Arena Simulation that allows an attacker to execute arbitrary code by exploiting a memory buffer overflow.
What is the severity of CVE-2023-27854?
The severity of CVE-2023-27854 is rated as high, with a severity value of 7.8.
Which software versions are affected by CVE-2023-27854?
CVE-2023-27854 affects Rockwell Automation Arena Simulation up to version 16.20.02.
How can CVE-2023-27854 be exploited?
CVE-2023-27854 can be exploited by a threat actor using a memory buffer overflow to execute malicious code on the system.
How can I fix CVE-2023-27854?
To fix CVE-2023-27854, it is recommended to update Rockwell Automation Arena Simulation to a version that is not affected by the vulnerability.

collector/nvd-api
agent/type
agent/event
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/last-modified-date
agent/severity
agent/remedy
agent/tags
agent/references
agent/author
agent/description
vendor/rockwellautomation
canonical/rockwellautomation arena simulation

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.