cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11364,https://securityvulnerability.io/vulnerability/CVE-2024-11364,Code Execution Vulnerability Affecting Rockwell Automation Arena,"CVE-2024-11364 is a high-risk code execution vulnerability identified in Rockwell Automation's Arena® software. This vulnerability arises from an uninitialized variable that can be exploited by threat actors to execute arbitrary code. An attacker can craft a malicious DOE file that necessitates execution by a legitimate user, leading to potential unauthorized actions within the software environment. Due to the nature of this vulnerability, it represents a significant threat to the integrity and security of systems utilizing Arena® without adequate mitigations. Users are strongly advised to apply security patches and follow best practices to safeguard their systems.",Rockwell Automation,Arena®,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T21:04:52.473Z,0
CVE-2024-12672,https://securityvulnerability.io/vulnerability/CVE-2024-12672,Memory Corruption Vulnerability in Rockwell Automation Arena Products,"CVE-2024-12672 identifies a severe memory corruption vulnerability within Rockwell Automation's Arena® software. This flaw allows a malicious actor to write data beyond allocated memory boundaries in a DOE file. Successful exploitation requires a legitimate user to execute a specially crafted payload, potentially enabling arbitrary code execution. Organizations utilizing affected versions of Arena® should promptly apply security patches to mitigate the risk associated with this vulnerability.",Rockwell Automation,Arena®,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T20:58:29.049Z,0
CVE-2024-12175,https://securityvulnerability.io/vulnerability/CVE-2024-12175,Exploring Code Execution Vulnerabilities in Rockwell Automation Arena®,"CVE-2024-12175 is a high-risk vulnerability classified as a 'use after free' code execution flaw affecting Rockwell Automation's Arena® software. This vulnerability allows a threat actor to manipulate the software by crafting a malformed DOE file that exploits a previously released resource. If successfully executed, this could permit the adversary to run arbitrary code within the application environment. To execute this exploit, the victim, typically a legitimate user, must unknowingly run the malicious code provided by the attacker. The implications of this vulnerability can lead to severe security breaches, making it essential for users to apply the latest security patches and remain vigilant against such exploits.",Rockwell Automation,Arena®,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-12-19T20:53:22.926Z,0
CVE-2024-11157,https://securityvulnerability.io/vulnerability/CVE-2024-11157,Memory Boundary Vulnerability in Rockwell Automation Arena Software,"CVE-2024-11157 is a significant vulnerability found in Rockwell Automation Arena®, a simulation software widely used in industrial settings. This flaw allows attackers to conduct memory boundary violations when processing certain DOE files, enabling them to execute arbitrary code with the privileges of a legitimate user. The exploitation of this vulnerability requires an unsuspecting user to run malicious code crafted by the threat actor, potentially leading to severe data breaches or operational disruptions. Users of the affected versions should apply security patches immediately to mitigate risks.",Rockwell Automation,Arena®,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-19T20:48:35.802Z,0
CVE-2024-12130,https://securityvulnerability.io/vulnerability/CVE-2024-12130,Threat Actor Could Execute Arbitrary Code via Out of Bounds Read Vulnerability in Rockwell Automation Arena®,"An out of bounds read vulnerability in Rockwell Automation Arena allows a targeted attacker to craft a malicious DOE file that prompts the software to access memory beyond its allocated limits. This situation could be exploited to execute arbitrary code if a legitimate user unwittingly runs the compromised file. This vulnerability highlights the potential dangers associated with improperly handled memory access in software applications, urging users to remain vigilant and apply necessary security measures as soon as updates become available.",Rockwell Automation,Arena®,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-12-05T17:47:21.917Z,0
CVE-2024-11158,https://securityvulnerability.io/vulnerability/CVE-2024-11158,Variable Uninitialized: A Threat to Software Security,"An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",Rockwell Automation,Arena®,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T17:41:57.954Z,0
CVE-2024-11156,https://securityvulnerability.io/vulnerability/CVE-2024-11156,"Threat Actor Could Write Beyond Memory Boundaries in Rockwell Automation Arena®, Executing Arbitrary Code","A vulnerability exists in Rockwell Automation Arena® that permits an out of bounds write condition, potentially leading to arbitrary code execution. This flaw allows a threat actor, with access to a legitimate user's environment, to craft malicious code that, when executed, can write beyond the limits of allocated memory in a DOE file. Exploitation of this vulnerability requires that the user runs the compromised code, underscoring the importance of user awareness and stringent security practices to mitigate risks.",Rockwell Automation,Arena®,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-12-05T17:37:09.718Z,0
CVE-2024-11155,https://securityvulnerability.io/vulnerability/CVE-2024-11155,Threat Actor Could Execute Arbitrary Code via 'Use After Free' Vulnerability in Rockwell Automation Arena®,"A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",Rockwell Automation,Arena®,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-05T17:32:22.847Z,0
CVE-2024-2929,https://securityvulnerability.io/vulnerability/CVE-2024-2929,"Memory Corruption Vulnerability Threatens Confidentiality, Integrity, and Availability of Rockwell Automation Software","A vulnerability exists within Rockwell Automation's Arena Simulation software that enables a threat actor to exploit memory corruption. This exploitation allows the attacker to insert unauthorized code into the software through malicious file handling, leading to an access violation. Such actions can jeopardize the confidentiality, integrity, and availability of the affected system. Users inadvertently opening compromised files could expose their systems to potential threats and harmful consequences.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.0005099999834783375,false,,false,false,false,,,false,false,,2024-03-26T15:56:31.967Z,0
CVE-2024-21920,https://securityvulnerability.io/vulnerability/CVE-2024-21920,Memory Buffer Vulnerability Could Lead to Sensitive Information Reveal and Denial of Service,"A vulnerability exists in Rockwell Automation's Arena Simulation due to a memory buffer issue that may allow a threat actor to read data beyond the intended memory limits. This exposure might lead to unauthorized disclosure of sensitive data and could also result in application crashes, leading to a denial-of-service condition. The exploitation of this vulnerability requires a user to interact with a malicious file provided by the threat actor.",Rockwell Automation,Arena Simulation,7.1,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-26T15:48:59.735Z,0
CVE-2024-21919,https://securityvulnerability.io/vulnerability/CVE-2024-21919,Uninitialized Pointer Vulnerability in Rockwell Automation Arena Simulation Software Could Lead to Code Injection,"An uninitialized pointer vulnerability exists in Rockwell Automation's Arena Simulation Software, which could permit unauthorized code insertion by exploiting the pointer during specific user interactions. A malicious actor may craft a harmful file that, when opened by a user, allows for execution of detrimental code within the system. This vulnerability poses substantial risks to the confidentiality, integrity, and availability of the software, underscoring the necessity for users to remain cautious about opening unsolicited files and for vendors to address such security flaws promptly.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-03-26T15:46:38.129Z,0
CVE-2024-21918,https://securityvulnerability.io/vulnerability/CVE-2024-21918,"Memory Buffer Vulnerability Threatens Confidentiality, Integrity, and Availability of Arena Simulation Software","A memory buffer vulnerability exists in Rockwell Automation’s Arena Simulation software, potentially allowing a malicious user to insert unauthorized code through memory corruption. By exploiting this weakness, a threat actor could trigger an access violation upon the user opening a compromised file, leading to harmful code execution on the affected system. This vulnerability jeopardizes the confidentiality, integrity, and availability of critical data and system functions, posing significant risks to users who interact with the software.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-03-26T15:44:33.835Z,0
CVE-2024-21913,https://securityvulnerability.io/vulnerability/CVE-2024-21913,"Heap-Based Memory Buffer Overflow Vulnerability Threatens Product Confidentiality, Integrity, and Availability","A vulnerability in the Arena Simulation software from Rockwell Automation involves a heap-based memory buffer overflow, which allows attackers to exploit memory boundaries and induce access violations. By manipulating this flaw, a malicious user can inject unauthorized code into the system. This risk becomes apparent when users unknowingly open files crafted by an attacker, enabling potential harm to the system's confidentiality, integrity, and availability.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-03-26T15:38:23.962Z,0
CVE-2024-21912,https://securityvulnerability.io/vulnerability/CVE-2024-21912,Arbitrary Code Execution Vulnerability in Rockwell Automation Arena Simulation Could Lead to Unauthorized Code Injection,"An arbitrary code execution vulnerability exists in Arena Simulation by Rockwell Automation, enabling attackers to write beyond the allocated memory space. This security flaw allows unauthorized code to be executed when a user opens a specially crafted malicious file. The compromise threatens the product's confidentiality, integrity, and availability, posing significant risks to systems utilizing this software. Users are advised to exercise caution with file exchanges and apply necessary security measures.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-03-26T15:34:35.837Z,0
CVE-2023-27858,https://securityvulnerability.io/vulnerability/CVE-2023-27858,Rockwell Automation Arena® Simulation Uninitialized Pointer Vulnerability,"Rockwell Automation Arena Simulation is susceptible to an arbitrary code execution vulnerability, which enables malicious users to exploit an uninitialized pointer within the application. This vulnerability could lead to unauthorized code execution if a user inadvertently opens a maliciously crafted file. Once executed, the code can compromise the system's confidentiality, integrity, and availability, significantly impacting the usability and security of the product.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-10-27T19:15:00.000Z,0
CVE-2023-27854,https://securityvulnerability.io/vulnerability/CVE-2023-27854,Rockwell Automation Arena® Simulation Out of Bounds Read Vulnerability,"An arbitrary code execution vulnerability in Arena Simulation allows an attacker to exploit a memory buffer overflow, potentially executing unauthorized code on affected systems. This can significantly compromise the confidentiality, integrity, and availability of the software. To become a victim, a user must open a specially crafted file from an untrusted source. Immediate action is advised to mitigate risks associated with this vulnerability.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-10-27T19:15:00.000Z,0
CVE-2023-29460,https://securityvulnerability.io/vulnerability/CVE-2023-29460,Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability,"An arbitrary code execution vulnerability exists in Rockwell Automation's Arena Simulation software, enabling potential attackers to execute unauthorized code through a memory buffer overflow. This flaw could lead to severe outcomes, including a complete compromise of the system's confidentiality, integrity, and availability. Organizations using Arena Simulation should prioritize assessing their exposure to this vulnerability and apply available security patches.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2023-05-09T14:15:00.000Z,0
CVE-2023-29461,https://securityvulnerability.io/vulnerability/CVE-2023-29461,Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability,"An arbitrary code execution vulnerability has been identified in Rockwell Automation's Arena Simulation software. This vulnerability arises from a memory buffer overflow in the heap, which could be exploited by a malicious user to execute unauthorized code within the application. This exploitation may lead to severe consequences including a complete compromise of the application's confidentiality, integrity, and availability. Organizations using Arena Simulation are advised to review their security measures and apply necessary updates.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2023-05-09T14:15:00.000Z,0
CVE-2023-29462,https://securityvulnerability.io/vulnerability/CVE-2023-29462,Rockwell Automation Arena Simulation Software Remote Code Execution Vulnerability,"An arbitrary code execution vulnerability has been identified in Rockwell Automation's Arena Simulation software. This issue arises from a memory buffer overflow in the heap, which could be exploited by attackers to execute unauthorized code within the software environment. Such a breach may lead to severe impacts including loss of confidentiality, integrity, and availability of affected systems, posing significant risks to user data and operations.",Rockwell Automation,Arena Simulation,7.8,HIGH,0.003269999986514449,false,,false,false,false,,,false,false,,2023-05-09T14:15:00.000Z,0