CVE-2024-11156: Rockwell Automation Arena® Out of Bounds Write Vulnerability
First published: Thu Dec 05 2024(Updated: )
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Credit: PSIRT@rockwellautomation.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation Arena | <=16.20.03 |
Remedy
Corrected in software version 16.20.06 and later Mitigations and Workarounds Customers using the affected software are encouraged to apply these risk mitigations, if possible. For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight to minimize the risk of the vulnerability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/weakness
- agent/remedy
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/event
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/rockwellautomation
- canonical/rockwell automation arena
- version/rockwell automation arena/16.20.03