16.20.01

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rockwellautomation

CWE-787

NVD

Published: 2023-05-09

Updated: 2023-11-15

Summary

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena Simulation 16.00.00 Rockwellautomation Arena Simulation 16.20.01	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-10