An “out of bounds write” code execution vulnerability exists in the
Rockwell Automation Arena®
that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | ||
Vendors & Products |
Rockwellautomation arena Simulation
|
Tue, 10 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rockwellautomation arena
|
|
CPEs | cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rockwellautomation arena
|
|
Metrics |
ssvc
|
Mon, 09 Dec 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rockwellautomation
Rockwellautomation arena Simulation |
|
CPEs | cpe:2.3:a:rockwellautomation:arena_simulation:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rockwellautomation
Rockwellautomation arena Simulation |
|
Metrics |
cvssV3_1
|
Thu, 05 Dec 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |
Title | Rockwell Automation Arena® Out of Bounds Write Vulnerability | |
Weaknesses | CWE-787 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2024-12-05T17:37:09.718Z
Updated: 2024-12-10T14:47:32.371Z
Reserved: 2024-11-12T17:53:10.796Z
Link: CVE-2024-11156
Vulnrichment
Updated: 2024-12-10T14:47:28.098Z
NVD
Status : Analyzed
Published: 2024-12-05T18:15:21.103
Modified: 2024-12-17T15:52:01.670
Link: CVE-2024-11156
Redhat
No data.