Memory Boundary Vulnerability in Rockwell Automation Arena Software
CVE-2024-11157

7.3HIGH

Key Information:

Status
Vendor
CVE Published:
19 December 2024

Summary

CVE-2024-11157 is a significant vulnerability found in Rockwell Automation Arena®, a simulation software widely used in industrial settings. This flaw allows attackers to conduct memory boundary violations when processing certain DOE files, enabling them to execute arbitrary code with the privileges of a legitimate user. The exploitation of this vulnerability requires an unsuspecting user to run malicious code crafted by the threat actor, potentially leading to severe data breaches or operational disruptions. Users of the affected versions should apply security patches immediately to mitigate risks.

Affected Version(s)

Arena® All versions 16.20.06 and prior

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.