A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
History

Fri, 20 Dec 2024 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Description A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Title Rockwell Automation Third Party Vulnerability in Arena®
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-12-19T20:58:29.049Z

Updated: 2024-12-20T17:14:12.572Z

Reserved: 2024-12-16T15:33:54.996Z

Link: CVE-2024-12672

cve-icon Vulnrichment

Updated: 2024-12-20T17:14:05.728Z

cve-icon NVD

Status : Received

Published: 2024-12-19T21:15:07.627

Modified: 2024-12-20T18:15:27.537

Link: CVE-2024-12672

cve-icon Redhat

No data.