CVE-2024-21919
Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Un puntero no inicializado en el software de Rockwell Automation Arena Simulation podría permitir que un usuario malintencionado inserte código no autorizado en el software aprovechando el puntero una vez que esté correctamente. Una vez dentro, el actor de la amenaza puede ejecutar código dañino en el sistema. Esto afecta la confidencialidad, integridad y disponibilidad del producto. Para desencadenar esto, el usuario tendría que abrir, sin saberlo, un archivo malicioso compartido por el actor de la amenaza.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-01-03 CVE Reserved
- 2024-03-26 CVE Published
- 2024-08-02 CVE Updated
- 2025-05-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-824: Access of Uninitialized Pointer
CAPEC
- CAPEC-100: Overflow Buffers
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Rockwellautomation Search vendor "Rockwellautomation" | Arena Simulation Search vendor "Rockwellautomation" for product "Arena Simulation" | * | - |
Affected
| ||||||