CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11158 – Rockwell Automation Arena® Uninitialized Vulnerability
https://notcve.org/view.php?id=CVE-2024-11158
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-665: Improper Initialization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11156 – Rockwell Automation Arena® Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-11156
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11155 – Rockwell Automation Arena® Use After Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-11155
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOE files. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6068 – Input Validation Vulnerability exists in Arena® Input Analyzer
https://notcve.org/view.php?id=CVE-2024-6068
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD17011.html • CWE-1284: Improper Validation of Specified Quantity in Input •