CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11158 – Rockwell Automation Arena® Uninitialized Vulnerability
https://notcve.org/view.php?id=CVE-2024-11158
05 Dec 2024 — An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installa... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-665: Improper Initialization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11155 – Rockwell Automation Arena® Use After Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-11155
05 Dec 2024 — A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell ... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-416: Use After Free •