16 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

26 Mar 2024 — A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad de corrupción de memor... • https://github.com/Lavender-exe/CVE-2024-29296-PoC • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

26 Mar 2024 — A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad del búfer de memoria en Rockwell Automation Arena Simulation podría permitir que un actor de amenazas lea más allá ... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

26 Mar 2024 — An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Un puntero no inicializado en el software de Rockwell Autom... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

26 Mar 2024 — A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad del búfer de memoria e... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

26 Mar 2024 — A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una v... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

26 Mar 2024 — An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

27 Oct 2023 — Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Rockwell Automation Arena Simulation ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

27 Oct 2023 — An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. Se informó a Rockwell Automation en ... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145 • CWE-125: Out-of-bounds Read •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

09 May 2023 — An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is req... • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391 • CWE-125: Out-of-bounds Read •