CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-2929 – Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
https://notcve.org/view.php?id=CVE-2024-2929
26 Mar 2024 — A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una vulnerabilidad de corrupción de memor... • https://github.com/Lavender-exe/CVE-2024-29296-PoC • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21913 – Rockwell Automation Arena Simulation Vulnerable To Memory Corruption
https://notcve.org/view.php?id=CVE-2024-21913
26 Mar 2024 — A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Una v... • https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-13527 – Rockwell Automation Arena Simulation DOE File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13527
24 Sep 2019 — In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. En Rockwell Automation Arena Simulación Software Cat. 9502-Axe, versiones 16.00.00 y anteriores, un archivo Arena diseñado con fines maliciosos abierto por parte de un usuario desprevenido puede resultar en el uso de un puntero que no ha sido inicializado. This vulnerability allows remot... • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-13510 – Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13510
15 Aug 2019 — Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contiene una vulnerabilidad de USO DE MEMORIA PREVIAMENTE LIBERADA CWE-416. Un archivo Arena diseñado maliciosamente abierto por parte de un usuario desprevenido puede resultar en el b... • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13511 – Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13511
15 Aug 2019 — Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contienen una EXPOSICIÓN DE INFORMACIÓN CWE-200. Un archivo Arena creado con fines maliciosos abierto por parte de un usuario desprevenido puede resultar en la expos... • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •