CVE-2024-21912
Rockwell Automation Arena Simulation vulnerable to out of bounds write
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Una vulnerabilidad de ejecución de código arbitrario en Rockwell Automation Arena Simulation podría permitir que un usuario malintencionado inserte código no autorizado en el software. Esto se hace escribiendo más allá del área de memoria designada, lo que provoca una infracción de acceso. Una vez dentro, el actor de la amenaza puede ejecutar código dañino en el sistema. Esto afecta la confidencialidad, integridad y disponibilidad del producto. Para desencadenar esto, el usuario tendría que abrir, sin saberlo, un archivo malicioso compartido por el actor de la amenaza.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-03 CVE Reserved
- 2024-03-26 CVE Published
- 2024-08-05 CVE Updated
- 2025-05-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
- CAPEC-100: Overflow Buffers
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rockwellautomation Search vendor "Rockwellautomation" | Arena Simulation Search vendor "Rockwellautomation" for product "Arena Simulation" | * | - |
Affected
|