First published: Tue May 09 2023(Updated: )
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.
Credit: PSIRT@rockwellautomation.com PSIRT@rockwellautomation.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rockwellautomation Arena Simulation | =16.00.00 | |
Rockwellautomation Arena Simulation | =16.20.01 | |
Rockwell Automation Arena Simulation Software | =16.20.01 | |
Rockwellautomation Arena | =16.00.00 | |
Rockwellautomation Arena | =16.20.01 |
Customers using the affected software are encouraged to apply the risk mitigations, if possible. - Upgrade to 16.20.01 which has been patched to mitigate this issue.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29462 is an arbitrary code execution vulnerability in Rockwell Automation's Arena Simulation software that allows a malicious user to execute unauthorized code using a memory buffer overflow in the heap.
CVE-2023-29462 has a severity rating of 8.8, which is considered high.
CVE-2023-29462 affects Rockwell Automation's Arena Simulation software versions 16.00.00 and 16.20.01.
To fix CVE-2023-29462, it is recommended to update to the latest version of Rockwell Automation's Arena Simulation software.
More information about CVE-2023-29462 can be found in the official Rockwell Automation and CISA advisories linked in the references.