Lucene search

[email protected]CVE-2024-21913

HistoryMar 26, 2024 - 4:15 p.m.

CVE-2024-21913

2024-03-2616:15:10

CWE-122

[email protected]

web.nvd.nist.gov

vulnerability

memory overflow

rockwell automation

arena simulation

unauthorized code

access violation

confidentiality

integrity

availability

threat actor

harmful code

malicious file

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Arena Simulation",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 16.00 - 16.20.02"
      }
    ]
  }
]

References

www.rockwellautomation.com/en-us/support/advisory.SD-1665.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-21913

nvd1 cvelist1 cnvd1 ics1