CVE-2023-27858— Rockwell Automation Arena Simulation Software 缓冲区错误漏洞

Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability

Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

使用未经初始化的指针

Rockwell Automation Arena Simulation Software 缓冲区错误漏洞

Rockwell Automation Arena Simulation Software是美国罗克韦尔（Rockwell Automation）公司的一套提供3D动画和图形功能的仿真软件。 Rockwell Automation Arena Simulation存在安全漏洞，该漏洞源于存在任意代码执行漏洞，该漏洞可能允许恶意用户通过使用应用程序中未初始化的指针向软件提交未经授权的代码。

N/A

N/A