PT-2024-17453 · Rockwell Automation · Rockwell Automation Arena

Published 2024-12-05 · Updated 2025-03-18 · CVE-2024-12130

CVSS v4.0 8.5 High

Vector AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Rockwell Automation Arena (affected versions not specified)

Description

An "out of bounds read" code execution issue exists in Rockwell Automation Arena that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of allocated memory. If exploited, a threat actor could leverage this issue to execute arbitrary code. To exploit this issue, a legitimate user must execute the malicious code crafted by the threat actor.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2024-12130
ZDI-24-1651
ZDI-25-152

Affected Products

Rockwell Automation Arena