CVE-2024-11156

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 5, 2024
Updated: Dec 17, 2024
CWE ID 787

Summary

CVE-2024-11156 is a critical vulnerability affecting the Rockwell Automation Arena® system. An out-of-bounds write code execution issue has been identified, enabling a threat actor to exceed memory boundaries in a DOE file. By exploiting this flaw, attackers can execute arbitrary code with the privileges of the affected user. The vulnerability can only be activated if the user runs the maliciously crafted code. This security weakness poses a significant risk to industrial control systems and requires immediate remediation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share