CVE-2023-29461 (GCVE-0-2023-29461)
Vulnerability from cvelistv5 – Published: 2023-05-09 13:26 – Updated: 2025-01-28 17:25
VLAI
EPSS
VEX
Title
Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
Summary
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap.
potentially resulting in a complete loss of confidentiality, integrity, and availability.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | Arena Simulation |
Affected:
16.00 , ≤ 16.20
(Major)
|
Date Public
2023-05-09 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T17:25:32.116480Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T17:25:39.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"lessThanOrEqual": "16.20",
"status": "affected",
"version": "16.00",
"versionType": "Major"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "This vulnerability was reported to Rockwell Automation by Simon Janz working with Trend Micro\u0027s Zero Day Initiative."
}
],
"datePublic": "2023-05-09T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution vulnerability contained in Rockwell Automation\u0027s Arena Simulation software was reported that could potentially allow a malicious user to \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecommit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \u003c/span\u003e\n\n potentially\u0026nbsp;resulting in a complete loss of confidentiality, integrity, and availability.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An arbitrary code execution vulnerability contained in Rockwell Automation\u0027s Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially\u00a0resulting in a complete loss of confidentiality, integrity, and availability.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T13:26:24.146Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e- Upgrade to \u003c/span\u003e\u003cu\u003e16.20.01\u003c/u\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;which has been patched to mitigate this issue.\u003c/span\u003e"
}
],
"value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\u00a0\u00a0\n- Upgrade to 16.20.01\u00a0which has been patched to mitigate this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-29461",
"datePublished": "2023-05-09T13:26:24.146Z",
"dateReserved": "2023-04-06T18:42:59.008Z",
"dateUpdated": "2025-01-28T17:25:39.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-29461",
"date": "2026-07-09",
"epss": "0.0085",
"percentile": "0.53809"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-29461\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2023-05-09T14:15:13.283\",\"lastModified\":\"2026-06-17T05:50:06.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An arbitrary code execution vulnerability contained in Rockwell Automation\u0027s Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \\n\\n potentially\u00a0resulting in a complete loss of confidentiality, integrity, and availability.\\n\"}],\"affected\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"affectedData\":[{\"vendor\":\"Rockwell Automation\",\"product\":\"Arena Simulation\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"16.00\",\"lessThanOrEqual\":\"16.20\",\"versionType\":\"Major\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-01-28T17:25:32.116480Z\",\"id\":\"CVE-2023-29461\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:arena:16.00.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6723E99-02D0-4A2C-BAFA-8D05069A2CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:arena:16.20.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D2E0344-ABC2-4C88-9DE4-F158FDC7AF1B\"}]}]}],\"references\":[{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Arena Simulation\", \"vendor\": \"Rockwell Automation\", \"versions\": [{\"lessThanOrEqual\": \"16.20\", \"status\": \"affected\", \"version\": \"16.00\", \"versionType\": \"Major\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"This vulnerability was reported to Rockwell Automation by Simon Janz working with Trend Micro\u0027s Zero Day Initiative.\"}], \"datePublic\": \"2023-05-09T14:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn arbitrary code execution vulnerability contained in Rockwell Automation\u0027s Arena Simulation software was reported that could potentially allow a malicious user to \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ecommit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \u003c/span\u003e\\n\\n potentially\u0026nbsp;resulting in a complete loss of confidentiality, integrity, and availability.\u003c/span\u003e\u003cbr\u003e\"}], \"value\": \"An arbitrary code execution vulnerability contained in Rockwell Automation\u0027s Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \\n\\n potentially\\u00a0resulting in a complete loss of confidentiality, integrity, and availability.\\n\"}], \"impacts\": [{\"capecId\": \"CAPEC-100\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-100 Overflow Buffers\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"shortName\": \"Rockwell\", \"dateUpdated\": \"2023-05-09T13:26:24.146Z\"}, \"references\": [{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e- Upgrade to \u003c/span\u003e\u003cu\u003e16.20.01\u003c/u\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;which has been patched to mitigate this issue.\u003c/span\u003e\"}], \"value\": \"\\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible.\\u00a0\\u00a0\\n- Upgrade to 16.20.01\\u00a0which has been patched to mitigate this issue.\"}], \"source\": {\"discovery\": \"EXTERNAL\"}, \"title\": \"Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:07:46.307Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-29461\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-28T17:25:32.116480Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-28T17:25:35.338Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2023-29461\", \"assignerOrgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Rockwell\", \"dateReserved\": \"2023-04-06T18:42:59.008Z\", \"datePublished\": \"2023-05-09T13:26:24.146Z\", \"dateUpdated\": \"2025-01-28T17:25:39.339Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…