Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.

N/A

跨界内存写

Rockwell Automation Arena 缓冲区错误漏洞

Rockwell Automation Arena是美国罗克韦尔（Rockwell Automation）公司的一款离散事件模拟和自动化软件。 Rockwell Automation Arena存在缓冲区错误漏洞，该漏洞源于内存缓冲区写越界导致用户数据验证不足，可能导致信息泄露和任意代码执行。

N/A

N/A