A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-787 | |
Metrics |
ssvc
|
Thu, 19 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |
Title | Rockwell Automation Third Party Vulnerability in Arena® | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2024-12-19T20:58:29.049Z
Updated: 2024-12-20T17:14:12.572Z
Reserved: 2024-12-16T15:33:54.996Z
Link: CVE-2024-12672
Vulnrichment
Updated: 2024-12-20T17:14:05.728Z
NVD
Status : Received
Published: 2024-12-19T21:15:07.627
Modified: 2024-12-20T18:15:27.537
Link: CVE-2024-12672
Redhat
No data.