Severity
High
Analysis Summary
CVE-2023-27858 CVSS:7.8
Rockwell Automation Arena could allow a remote attacker to execute arbitrary code on the system, caused by access of an uninitialized pointer. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-27854 CVSS:7.8
Rockwell Automation Arena could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-46289 CVSS:7.5
Rockwell Automation FactoryTalk View Site Edition is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVE-2023-46290 CVSS:8.1
Rockwell Automation FactoryTalk Services Platform could allow a remote attacker to bypass security restrictions, caused by inadequate code logic in the web service. An attacker could exploit this vulnerability to obtain a local Windows OS user token and use it to log in to FactoryTalk Services Platform.
Impact
- Denial of Service
- Code Execution
- Security Bypass
- Gain Access
Indicators Of Compromise
CVE
- CVE-2023-27858
- CVE-2023-27854
- CVE-2023-46289
- CVE-2023-46290
Affected Vendors
Rockwell Automation
Affected Products
- Rockwell Automation Arena 16.20
- Rockwell Automation FactoryTalk View Site Edition 11.0
- Rockwell Automation FactoryTalk Services Platform 2.74
Remediation
Refer to Rockwell Automation Web site for patch, upgrade or suggested workaround information.