{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:09:56.711","vulnerabilities":[{"cve":{"id":"CVE-2023-27854","sourceIdentifier":"PSIRT@rockwellautomation.com","published":"2023-10-27T19:15:41.157","lastModified":"2024-12-17T16:14:05.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"\nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n\n"},{"lang":"es","value":"Se informó a Rockwell Automation en Arena Simulation de una vulnerabilidad de ejecución de código arbitrario que potencialmente podría permitir que un usuario malintencionado envíe código arbitrario no autorizado al software mediante el uso de un desbordamiento del búfer de memoria. El actor de la amenaza podría entonces ejecutar código malicioso en el sistema afectando la confidencialidad, integridad y disponibilidad del producto. El usuario necesitaría abrir un archivo malicioso proporcionado por el atacante para que se ejecute el código."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@rockwellautomation.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@rockwellautomation.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*","versionEndExcluding":"16.20.02","matchCriteriaId":"3DBAECB8-1538-4190-806F-0326B910B18C"}]}]}],"references":[{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145","source":"PSIRT@rockwellautomation.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]}]}}]}