CVE-2024-6068 HIGH

CVE-2024-6068: Input Validation Vulnerability exists in Arena® Input Analyzer

Vendor Rockwell Automation
Product Arena Input Analyzer
Weakness CWE-1284
Published November 14, 2024
Last update November 14, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.

Key dates

02Disclosure timeline

November 14, 2024 CVE published
November 14, 2024 Record updated