CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12130 – Rockwell Automation Arena® Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-12130
05 Dec 2024 — An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected instal... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11156 – Rockwell Automation Arena® Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-11156
05 Dec 2024 — An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automati... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •