A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
History

Thu, 14 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Rcokwellautomation
Rcokwellautomation arena Input Analyzer
CPEs cpe:2.3:a:rcokwellautomation:arena_input_analyzer:*:*:*:*:*:*:*:*
Vendors & Products Rcokwellautomation
Rcokwellautomation arena Input Analyzer
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 16:30:00 +0000

Type Values Removed Values Added
Description A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
Title Input Validation Vulnerability exists in Arena® Input Analyzer
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Rockwell

Published: 2024-11-14T16:22:03.883Z

Updated: 2024-11-14T16:59:43.395Z

Reserved: 2024-06-17T13:55:24.716Z

Link: CVE-2024-6068

cve-icon Vulnrichment

Updated: 2024-11-14T16:59:38.012Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-14T17:15:07.680

Modified: 2024-11-15T13:58:08.913

Link: CVE-2024-6068

cve-icon Redhat

No data.