Memory Buffer Vulnerability Could Lead to Sensitive Information Reveal and Denial of Service
CVE-2024-21920

7.1HIGH

Key Information:

Vendor: Rockwell Automation
Status: Arena Simulation
Vendor: CVE Published:; 26 March 2024

Summary

A vulnerability exists in Rockwell Automation's Arena Simulation due to a memory buffer issue that may allow a threat actor to read data beyond the intended memory limits. This exposure might lead to unauthorized disclosure of sensitive data and could also result in application crashes, leading to a denial-of-service condition. The exploitation of this vulnerability requires a user to interact with a malicious file provided by the threat actor.

Affected Version(s)

Arena Simulation Version 16.00 - 16.20.02

References

https://www.rockwellautomation.com/en-us/support/advisory...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Jan 3, 2024

Credit

Michael Heinzl