Dec. 21, 2023, 6 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-29460.

arbitrary code attackers automation code code execution cvss doe exploit file free malicious page parsing rating remote code remote code execution rockwell rockwell automation simulation target use-after-free vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

Cybersecurity Engineer

@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client

Invoice Compliance Reviewer

@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote

Technical Program Manager II - Compliance

@ Microsoft | Redmond, Washington, United States

Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence

@ Moonshot | Washington, District of Columbia, United States

Customer Engineer, Security, Public Sector

@ Google | Virginia, USA; Illinois, USA