First published: Tue May 09 2023(Updated: )
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Arena Simulation | =16.00.00 | |
Rockwellautomation Arena Simulation | =16.20.00 | |
Rockwell Automation Arena Simulation Software | =16.20.01 | |
Rockwellautomation Arena | =16.00.00 | |
Rockwellautomation Arena | =16.20.00 |
Customers using the affected software are encouraged to apply the risk mitigations, if possible. - Upgrade to 16.20.01 which has been patched to mitigate this issue.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29460 is an arbitrary code execution vulnerability found in Rockwell Automation's Arena Simulation software.
A malicious user can exploit CVE-2023-29460 by using a memory buffer overflow to execute unauthorized arbitrary code in the software.
CVE-2023-29460 has a severity rating of 9.8 (Critical).
CVE-2023-29460 affects versions 16.00.00 and 16.20.00 of Rockwell Automation's Arena Simulation software.
To fix CVE-2023-29460, it is recommended to apply the latest security patch or update provided by Rockwell Automation.