CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-2929 – Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
https://notcve.org/view.php?id=CVE-2024-2929
26 Mar 2024 — A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad de corrupción de memor... • https://github.com/Lavender-exe/CVE-2024-29296-PoC • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21920 – Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow
https://notcve.org/view.php?id=CVE-2024-21920
26 Mar 2024 — A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad del búfer de memoria en Rockwell Automation Arena Simulation podría permitir que un actor de amenazas lea más allá ... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21919 – Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer
https://notcve.org/view.php?id=CVE-2024-21919
26 Mar 2024 — An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Un puntero no inicializado en el software de Rockwell Autom... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21918 – Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
https://notcve.org/view.php?id=CVE-2024-21918
26 Mar 2024 — A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad del búfer de memoria e... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21913 – Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
https://notcve.org/view.php?id=CVE-2024-21913
26 Mar 2024 — A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una v... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21912 – Rockwell Automation Arena Simulation vulnerable to out of bounds write
https://notcve.org/view.php?id=CVE-2024-21912
26 Mar 2024 — An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27858 – Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2023-27858
27 Oct 2023 — Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Rockwell Automation Arena Simulation ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27854 – Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-27854
27 Oct 2023 — An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Se informó a Rockwell Automation en ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29462 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29462
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29461 – Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-29461
09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •