An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena®
that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rockwellautomation arena
|
|
CPEs | cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rockwellautomation arena Simulation
|
Rockwellautomation arena
|
Tue, 10 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 09 Dec 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rockwellautomation
Rockwellautomation arena Simulation |
|
CPEs | cpe:2.3:a:rockwellautomation:arena_simulation:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rockwellautomation
Rockwellautomation arena Simulation |
|
Metrics |
cvssV3_1
|
Thu, 05 Dec 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |
Title | Rockwell Automation Arena® Out of Bounds Read Vulnerability | |
Weaknesses | CWE-125 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2024-12-05T17:47:21.917Z
Updated: 2024-12-10T15:01:30.054Z
Reserved: 2024-12-04T01:26:01.833Z
Link: CVE-2024-12130
Vulnrichment
Updated: 2024-12-10T15:01:26.283Z
NVD
Status : Analyzed
Published: 2024-12-05T18:15:21.507
Modified: 2024-12-17T15:52:01.670
Link: CVE-2024-12130
Redhat
No data.