Vulnerability Details CVE-2024-11158
An “uninitialized variable” code execution vulnerability exists in the
Rockwell Automation Arena®
that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.6%
CVSS Severity
CVSS v3 Score 6.7
References
Products affected by CVE-2024-11158
-
cpe:2.3:a:rockwellautomation:arena:-
-
cpe:2.3:a:rockwellautomation:arena:10.00.00
-
cpe:2.3:a:rockwellautomation:arena:11.00.00
-
cpe:2.3:a:rockwellautomation:arena:12.00.00
-
cpe:2.3:a:rockwellautomation:arena:13.00.00
-
cpe:2.3:a:rockwellautomation:arena:13.50.00
-
cpe:2.3:a:rockwellautomation:arena:13.90.00
-
cpe:2.3:a:rockwellautomation:arena:14.00.00
-
cpe:2.3:a:rockwellautomation:arena:14.00.01
-
cpe:2.3:a:rockwellautomation:arena:14.50.00
-
cpe:2.3:a:rockwellautomation:arena:14.70.00
-
cpe:2.3:a:rockwellautomation:arena:15.00.00
-
cpe:2.3:a:rockwellautomation:arena:15.10.00
-
cpe:2.3:a:rockwellautomation:arena:15.10.01
-
cpe:2.3:a:rockwellautomation:arena:16.00.00
-
cpe:2.3:a:rockwellautomation:arena:16.00.01
-
cpe:2.3:a:rockwellautomation:arena:16.10.00
-
cpe:2.3:a:rockwellautomation:arena:16.20.00
-
cpe:2.3:a:rockwellautomation:arena:2.00.00
-
cpe:2.3:a:rockwellautomation:arena:2.50.00
-
cpe:2.3:a:rockwellautomation:arena:3.00.00
-
cpe:2.3:a:rockwellautomation:arena:8.01.00
-
cpe:2.3:a:rockwellautomation:arena:9.00.00