CVE-2024-21920 MEDIUM

CVE-2024-21920: Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow

Vendor Rockwell Automation
Product Arena Simulation
Weakness CWE-125
Published March 26, 2024
Last update August 6, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01Description

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

Key dates

02Disclosure timeline

March 26, 2024 CVE published
August 6, 2024 Record updated