Описание
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Уязвимые конфигурации
Одновременно
EPSS
7.3 High
CVSS3
Дефекты
Связанные уязвимости
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Уязвимость программного обеспечения для дискретного моделирования событий и автоматизации Rockwell Automation Arena, связанная с зависимостью от стороннего компонента, позволяющая нарушителю выполнить произвольный код
EPSS
7.3 High
CVSS3