{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T12:44:42.130","vulnerabilities":[{"cve":{"id":"CVE-2023-27858","sourceIdentifier":"PSIRT@rockwellautomation.com","published":"2023-10-27T19:15:41.230","lastModified":"2024-12-17T16:13:20.770","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"\nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application.  The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product.  The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n"},{"lang":"es","value":"Rockwell Automation Arena Simulation contiene una vulnerabilidad de ejecución de código arbitrario que podría permitir que un usuario malintencionado envíe código no autorizado al software mediante el uso de un puntero no inicializado en la aplicación. El actor de la amenaza podría entonces ejecutar código malicioso en el sistema afectando la confidencialidad, integridad y disponibilidad del producto. El usuario necesitaría abrir un archivo malicioso proporcionado por el atacante para que se ejecute el código."}],"metrics":{"cvssMetricV31":[{"source":"PSIRT@rockwellautomation.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"PSIRT@rockwellautomation.com","type":"Secondary","description":[{"lang":"en","value":"CWE-824"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-824"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*","versionEndExcluding":"16.20.02","matchCriteriaId":"3DBAECB8-1538-4190-806F-0326B910B18C"}]}]}],"references":[{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145","source":"PSIRT@rockwellautomation.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]}]}}]}