Filtered by vendor Rockwellautomation
Subscriptions
Filtered by product Arena
Subscriptions
Total
21 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-21913 | 1 Rockwellautomation | 2 Arena, Arena Simulation Software | 2024-12-17 | 7.8 High |
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2024-21919 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2024-21912 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2024-21918 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2024-2929 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2023-27854 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. | ||||
CVE-2023-27858 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. | ||||
CVE-2019-13527 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. | ||||
CVE-2019-13510 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A |
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. | ||||
CVE-2019-13511 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 3.3 Low |
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. | ||||
CVE-2024-12130 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
CVE-2019-13519 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. | ||||
CVE-2023-29462 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. | ||||
CVE-2023-29461 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. | ||||
CVE-2023-29460 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. | ||||
CVE-2019-13521 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. | ||||
CVE-2024-11156 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 7.8 High |
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
CVE-2024-21920 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | 4.4 Medium |
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | ||||
CVE-2024-11155 | 1 Rockwellautomation | 1 Arena | 2024-12-06 | 7.8 High |
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | ||||
CVE-2024-11158 | 1 Rockwellautomation | 1 Arena | 2024-12-06 | 6.7 Medium |
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. |