Vulnerability Details CVE-2023-27854
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.6%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2023-27854
-
cpe:2.3:a:rockwellautomation:arena:-
-
cpe:2.3:a:rockwellautomation:arena:10.00.00
-
cpe:2.3:a:rockwellautomation:arena:11.00.00
-
cpe:2.3:a:rockwellautomation:arena:12.00.00
-
cpe:2.3:a:rockwellautomation:arena:13.00.00
-
cpe:2.3:a:rockwellautomation:arena:13.50.00
-
cpe:2.3:a:rockwellautomation:arena:13.90.00
-
cpe:2.3:a:rockwellautomation:arena:14.00.00
-
cpe:2.3:a:rockwellautomation:arena:14.00.01
-
cpe:2.3:a:rockwellautomation:arena:14.50.00
-
cpe:2.3:a:rockwellautomation:arena:14.70.00
-
cpe:2.3:a:rockwellautomation:arena:15.00.00
-
cpe:2.3:a:rockwellautomation:arena:15.10.00
-
cpe:2.3:a:rockwellautomation:arena:15.10.01
-
cpe:2.3:a:rockwellautomation:arena:16.00.00
-
cpe:2.3:a:rockwellautomation:arena:16.00.01
-
cpe:2.3:a:rockwellautomation:arena:16.10.00
-
cpe:2.3:a:rockwellautomation:arena:16.20.00
-
cpe:2.3:a:rockwellautomation:arena:16.20.01
-
cpe:2.3:a:rockwellautomation:arena:2.00.00
-
cpe:2.3:a:rockwellautomation:arena:2.50.00
-
cpe:2.3:a:rockwellautomation:arena:3.00.00
-
cpe:2.3:a:rockwellautomation:arena:8.01.00
-
cpe:2.3:a:rockwellautomation:arena:9.00.00