CVE-2024-11156
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Dec 5, 2024
Updated: Dec 17, 2024
CWE ID 787
Summary
CVE-2024-11156 is a critical vulnerability affecting the Rockwell Automation Arena® system. An out-of-bounds write code execution issue has been identified, enabling a threat actor to exceed memory boundaries in a DOE file. By exploiting this flaw, attackers can execute arbitrary code with the privileges of the affected user. The vulnerability can only be activated if the user runs the maliciously crafted code. This security weakness poses a significant risk to industrial control systems and requires immediate remediation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- Rockwell Automation