High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-19	CVE-2024-11157	Out-of-bounds Write vulnerability in Rockwellautomation Arena A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. local low complexity rockwellautomation CWE-787	7.3
2024-12-19	CVE-2024-11364	Use of Uninitialized Resource vulnerability in Rockwellautomation Arena Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. local low complexity rockwellautomation CWE-908	7.3
2024-12-19	CVE-2024-12175	Use After Free vulnerability in Rockwellautomation Arena Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. local low complexity rockwellautomation CWE-416	7.8
2024-12-05	CVE-2024-11156	Out-of-bounds Write vulnerability in Rockwellautomation Arena An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. local low complexity rockwellautomation CWE-787	7.8
2024-12-05	CVE-2024-12130	Out-of-bounds Read vulnerability in Rockwellautomation Arena An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. local low complexity rockwellautomation CWE-125	7.8
2024-10-25	CVE-2024-10387	Unspecified vulnerability in Rockwellautomation Thinmanager CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. network low complexity rockwellautomation	7.5
2024-10-14	CVE-2024-6207	Unspecified vulnerability in Rockwellautomation products CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. network low complexity rockwellautomation	7.5
2024-09-12	CVE-2024-6077	Unspecified vulnerability in Rockwellautomation products A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. network low complexity rockwellautomation	7.5
2024-09-12	CVE-2024-8533	Incorrect Default Permissions vulnerability in Rockwellautomation products A privilege escalation vulnerability exists in the Rockwell Automation affected products. network low complexity rockwellautomation CWE-276	8.8
2024-09-12	CVE-2024-45825	Unspecified vulnerability in Rockwellautomation 5015-U8Ihft Firmware 1.011/1.012 CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. network low complexity rockwellautomation	7.5