Heap-Based Memory Buffer Overflow Vulnerability Threatens Product Confidentiality, Integrity, and Availability
CVE-2024-21913

7.8 HIGH

Key Information:

Vendor
CVE Published: 26 March 2024

Summary

Arena Simulation software from Rockwell Automation contains a heap-based memory buffer overflow. An attacker who exploits it can overstep memory boundaries, induce an access violation, and inject unauthorized code into the system. Exploitation depends on a user unknowingly opening a file crafted by the attacker, and it can harm the system's confidentiality, integrity, and availability.

Affected Version(s)

Arena Simulation Version 16.00 - 16.20.02

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Heinzl