Vulnerabilities > CVE-2024-12175 - Use After Free vulnerability in Rockwellautomation Arena

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

rockwellautomation

CWE-416

NVD

Published: 2024-12-19

Updated: 2025-01-10

Summary

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena - Rockwellautomation Arena 2.00.00 Rockwellautomation Arena 2.50.00 Rockwellautomation Arena 3.00.00 Rockwellautomation Arena 8.01.00 Rockwellautomation Arena 9.00.00 Rockwellautomation Arena 10.00.00 Rockwellautomation Arena 11.00.00 Rockwellautomation Arena 12.00.00 Rockwellautomation Arena 13.00.00 Rockwellautomation Arena 13.50.00 Rockwellautomation Arena 13.90.00 Rockwellautomation Arena 14.00.00 Rockwellautomation Arena 14.00.01 Rockwellautomation Arena 14.50.00 Rockwellautomation Arena 14.70.00 Rockwellautomation Arena 15.00.00 Rockwellautomation Arena 15.10.00 Rockwellautomation Arena 15.10.01 Rockwellautomation Arena 16.00.00 Rockwellautomation Arena 16.00.01 Rockwellautomation Arena 16.10.00 Rockwellautomation Arena 16.20.00 Rockwellautomation Arena 16.20.01 Rockwellautomation Arena 16.20.02 Rockwellautomation Arena 16.20.03 Rockwellautomation Arena 16.20.04 Rockwellautomation Arena 16.20.05 Rockwellautomation Arena 16.20.06	29

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html