Vulnerabilities > CVE-2024-11157 - Out-of-bounds Write vulnerability in Rockwellautomation Arena

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

rockwellautomation

CWE-787

NVD

Published: 2024-12-19

Updated: 2025-01-21

Summary

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena - Rockwellautomation Arena 2.00.00 Rockwellautomation Arena 2.50.00 Rockwellautomation Arena 3.00.00 Rockwellautomation Arena 8.01.00 Rockwellautomation Arena 9.00.00 Rockwellautomation Arena 10.00.00 Rockwellautomation Arena 11.00.00 Rockwellautomation Arena 12.00.00 Rockwellautomation Arena 13.00.00 Rockwellautomation Arena 13.50.00 Rockwellautomation Arena 13.90.00 Rockwellautomation Arena 14.00.00 Rockwellautomation Arena 14.00.01 Rockwellautomation Arena 14.50.00 Rockwellautomation Arena 14.70.00 Rockwellautomation Arena 15.00.00 Rockwellautomation Arena 15.10.00 Rockwellautomation Arena 15.10.01 Rockwellautomation Arena 16.00.00 Rockwellautomation Arena 16.00.01 Rockwellautomation Arena 16.10.00 Rockwellautomation Arena 16.20.00 Rockwellautomation Arena 16.20.01 Rockwellautomation Arena 16.20.02 Rockwellautomation Arena 16.20.03 Rockwellautomation Arena 16.20.04 Rockwellautomation Arena 16.20.05 Rockwellautomation Arena 16.20.06	29

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html