CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12672 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-12672
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11157 – Rockwell Automation Third Party Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-11157
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12175 – Rockwell Automation Code Execution Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-12175
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11364 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-11364
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html •