CVE-2024-12175

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 19, 2024

Updated: Jan 10, 2025

CWE ID 416

Summary

CVE-2024-12175 is a newly identified vulnerability affecting Rockwell Automation's Arena® software. This issue involves a "use after free" code execution vulnerability, where a threat actor can craft a specific DOE file to force the software to use a resource that has already been freed. By exploiting this vulnerability, an attacker could execute arbitrary code within the Arena® environment. To trigger the exploit, a legitimate user must interact with the maliciously crafted DOE file.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Rockwell Automation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/1Ps36W
https://www.cve.org/CVERecord?id=CVE-2024-12175
https://nvd.nist.gov/vuln/detail/CVE-2024-12175

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-12175

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations