CVE-2023-29461 - OpenCVE

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rockwellautomation	Arena Simulation

Configuration 1 [-]

OR	cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:::::::*
	cpe:2.3:a:rockwellautomation:arena_simulation:16.20.00:::::::*

No data.

References

Link	Providers
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391

History

No history.

MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2023-05-09T13:26:24.146Z

Updated: 2024-08-02T14:07:46.307Z

Reserved: 2023-04-06T18:42:59.008Z

Link: CVE-2023-29461

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-09T14:15:13.283

Modified: 2023-05-16T18:30:02.453

Link: CVE-2023-29461

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29461", "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "state": "PUBLISHED", "assignerShortName": "Rockwell", "dateReserved": "2023-04-06T18:42:59.008Z", "datePublished": "2023-05-09T13:26:24.146Z", "dateUpdated": "2024-08-02T14:07:46.307Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Arena Simulation", "vendor": "Rockwell Automation", "versions": [{"lessThanOrEqual": "16.20", "status": "affected", "version": "16.00", "versionType": "Major"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This vulnerability was reported to Rockwell Automation by Simon Janz working with Trend Micro's Zero Day Initiative."}], "datePublic": "2023-05-09T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to <span style=\"background-color: rgb(255, 255, 255);\">commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. </span>\n\n potentially resulting in a complete loss of confidentiality, integrity, and availability.</span><br>"}], "value": "An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially\u00a0resulting in a complete loss of confidentiality, integrity, and availability.\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell", "dateUpdated": "2023-05-09T13:26:24.146Z"}, "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers using the affected software are encouraged to apply the risk mitigations, if possible.  <br></span><span style=\"background-color: var(--wht);\">- Upgrade to </span><u>16.20.01</u><span style=\"background-color: var(--wht);\"> which has been patched to mitigate this issue.</span>"}], "value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\u00a0\u00a0\n- Upgrade to 16.20.01\u00a0which has been patched to mitigate this issue."}], "source": {"discovery": "EXTERNAL"}, "title": "Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:07:46.307Z"}, "title": "CVE Program Container", "references": [{"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*", "matchCriteriaId": "B42EE5A3-B6F0-4D21-B3F8-7EBBC5B8A53B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rockwellautomation:arena_simulation:16.20.00:*:*:*:*:*:*:*", "matchCriteriaId": "4FAF4B54-35C6-4D7F-B940-FC5C70B56BB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially\u00a0resulting in a complete loss of confidentiality, integrity, and availability.\n"}], "id": "CVE-2023-29461", "lastModified": "2023-05-16T18:30:02.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}, "published": "2023-05-09T14:15:13.283", "references": [{"source": "PSIRT@rockwellautomation.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391"}], "sourceIdentifier": "PSIRT@rockwellautomation.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "PSIRT@rockwellautomation.com", "type": "Secondary"}]}