Lucene search

[email protected]CVE-2024-2929

HistoryMar 26, 2024 - 4:15 p.m.

CVE-2024-2929

2024-03-2616:15:14

CWE-119

[email protected]

web.nvd.nist.gov

rockwell automation

arena simulation

memory corruption

unauthorized code insertion

access violation

threat actor

harmful code

confidentiality

integrity

availability

malicious file

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Arena Simulation",
    "vendor": "Rockwell Automation",
    "versions": [
      {
        "status": "affected",
        "version": "Version 16.00 - 16.20.02"
      }
    ]
  }
]

References

www.rockwellautomation.com/en-us/support/advisory.SD-1665.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-2929

nvd1 cvelist1 ics1