EUVD-2024-34318

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Third-party vulnerability in Rockwell Automation Arena allows arbitrary code execution by exploitation.

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the ability to write code beyond the buffer boundaries, allowing an attacker to execute arbitrary code.	8 Jan 202500:00	–	bdu_fstec
Circl	CVE-2024-11157	19 Dec 202405:00	–	circl
CNNVD	Rockwell Automation Arena 安全漏洞	19 Dec 202400:00	–	cnnvd
CVE	CVE-2024-11157	19 Dec 202420:48	–	cve
Cvelist	CVE-2024-11157 Rockwell Automation Third Party Vulnerability in Arena	19 Dec 202420:48	–	cvelist
NVD	CVE-2024-11157	19 Dec 202421:15	–	nvd
Positive Technologies	PT-2021-8242 · Rockwell Automation · Rockwell Automation Arena	21 Jun 202100:00	–	ptsecurity
Vulnrichment	CVE-2024-11157 Rockwell Automation Third Party Vulnerability in Arena	19 Dec 202420:48	–	vulnrichment
Zero Day Initiative	Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability	19 Dec 202400:00	–	zdi

[
  {
    "enisaIdVendor": [
      {
        "id": "a8f34b3b-3d92-33b3-ad71-cafbb05fa1cc",
        "vendor": {
          "name": "Rockwell Automation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3b8004f0-77a4-3017-9b31-b950d9d141fc",
        "product": {
          "name": "Arena®"
        },
        "product_version": "All versions 16.20.06 and prior"
      }
    ]
  }
]

Source	Link
rockwellautomation	www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-11157

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 48.5

CVSS 3.17.3

EPSS0.00031

SSVC