Vulnerabilities > CVE-2024-11364 - Use of Uninitialized Resource vulnerability in Rockwellautomation Arena

CVSS 7.3 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

rockwellautomation

CWE-908

NVD

Published: 2024-12-19

Updated: 2025-01-21

Summary

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena *	1

Common Weakness Enumeration (CWE)

CWE-908 - Use of Uninitialized Resource

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html