A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
Metrics
Affected Vendors & Products
References
History
Thu, 14 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Rcokwellautomation
Rcokwellautomation arena Input Analyzer |
|
CPEs | cpe:2.3:a:rcokwellautomation:arena_input_analyzer:*:*:*:*:*:*:*:* | |
Vendors & Products |
Rcokwellautomation
Rcokwellautomation arena Input Analyzer |
|
Metrics |
ssvc
|
Thu, 14 Nov 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. | |
Title | Input Validation Vulnerability exists in Arena® Input Analyzer | |
Weaknesses | CWE-1284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Rockwell
Published: 2024-11-14T16:22:03.883Z
Updated: 2024-11-14T16:59:43.395Z
Reserved: 2024-06-17T13:55:24.716Z
Link: CVE-2024-6068
Vulnrichment
Updated: 2024-11-14T16:59:38.012Z
NVD
Status : Awaiting Analysis
Published: 2024-11-14T17:15:07.680
Modified: 2024-11-15T13:58:08.913
Link: CVE-2024-6068
Redhat
No data.