CVE-2024-21920

MEDIUM

Rockwellautomation Arena - Out-of-Bounds Read

Title source: rule

Description

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

References (1)

Core 1

Core References

Broken Link

https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html

Scores

CVSS v3 4.4

EPSS 0.0001

EPSS Percentile 2.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

rockwellautomation/arena 16.00.00

Published Mar 26, 2024

Tracked Since Feb 18, 2026