CVE-2024-21918

Name of the Vulnerable Software and Affected Versions Rockwell Automation Arena Simulation (affected versions not specified)

Description A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system, affecting the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. The vulnerability is related to the use of memory after it has been freed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the software to minimize the risk of exploitation. Avoid opening files from untrusted sources to reduce the risk of triggering the vulnerability.