First published: Tue May 09 2023(Updated: )
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Arena Simulation | =16.00.00 | |
Rockwellautomation Arena Simulation | =16.20.00 | |
Rockwell Automation Arena Simulation Software | =16.20.01 | |
Rockwellautomation Arena | =16.00.00 | |
Rockwellautomation Arena | =16.20.00 |
Customers using the affected software are encouraged to apply the risk mitigations, if possible. - Upgrade to 16.20.01 which has been patched to mitigate this issue.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29461 is an arbitrary code execution vulnerability in Rockwell Automation's Arena Simulation software.
CVE-2023-29461 is considered a critical vulnerability with a severity score of 9.8.
The affected software for CVE-2023-29461 is Rockwell Automation's Arena Simulation version 16.00.00 and 16.20.00.
CVE-2023-29461 has the potential to allow a malicious user to execute arbitrary code in the software, leading to unauthorized access and potential system compromise.
To mitigate CVE-2023-29461, it is recommended to implement the security patch provided by Rockwell Automation and update the Arena Simulation software to the latest version.