CVE-2024-21920
Published 2024-03-26
Priority: P4 · 25 · high · 7.1 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 0.22% (12.4th percentile)
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwell_automation | arena_simulation | — | — |
| rockwellautomation | arena | >= 16.00.00 | — |
CISA ICS
Rockwell Automation Arena Simulation
cisa_ics·2024-03-26·CVSS 7.8
[HIGH] Rockwell Automation Arena Simulation
ICS Advisory
## Rockwell Automation Arena Simulation
Release Date: March 26, 2024
Alert Code: ICSA-24-086-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: low attack complexity
- Vendor: Rockwell Automation
- Equipment: Arena Simulation Software
- Vulnerabilities: Out-of-bounds Write, Heap-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use After Free, Access of Uninitialized Pointer, Out-of-bounds Read
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could crash the application or allow an attacker to run harmful code on the system.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Rockwell Automation reports that the following versions of Arena Simulation Software are affe
GHSA
GHSA-xwx2-w5q7-pgf8: A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries
ghsa_unreviewed·2024-03-26
CVE-2024-21920 [MEDIUM] CWE-125 GHSA-xwx2-w5q7-pgf8: A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-03-26: Published