PT-2024-9862 · Rockwell Automation · Rockwell Automation Arena

Published

2024-12-04

Updated

2024-12-20

CVE-2024-12672

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified)

Description: A third-party vulnerability exists in Rockwell Automation Arena that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-1395

Related Identifiers

BDU:2024-11640

CVE-2024-12672

Affected Products

Rockwell Automation Arena

PT-2024-9862 · Rockwell Automation · Rockwell Automation Arena

CVE-2024-12672

Weakness Enumeration

Related Identifiers

Affected Products

References · 9