Sign-up

ID

VAR-202403-2964


CVE

CVE-2024-21913


TITLE

Rockwell Automation Arena Simulation Software Heap Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-18332

DESCRIPTION

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions

Trust: 1.44

sources: NVD: CVE-2024-21913 // CNVD: CNVD-2024-18332

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-18332

AFFECTED PRODUCTS

vendor:rockwellmodel:automation arena simulation softwarescope:eqversion:16.00

Trust: 0.6

sources: CNVD: CNVD-2024-18332

CVSS

SEVERITY

CVSSV2

CVSSV3

PSIRT@rockwellautomation.com: CVE-2024-21913
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-18332
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-18332
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

PSIRT@rockwellautomation.com: CVE-2024-21913
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-18332 // NVD: CVE-2024-21913

PROBLEMTYPE DATA

problemtype:CWE-122

Trust: 1.0

sources: NVD: CVE-2024-21913

PATCH

title:Patch for Rockwell Automation Arena Simulation Software Heap Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/543371

Trust: 0.6

sources: CNVD: CNVD-2024-18332

EXTERNAL IDS

db:NVDid:CVE-2024-21913

Trust: 1.6

db:CNVDid:CNVD-2024-18332

Trust: 0.6

sources: CNVD: CNVD-2024-18332 // NVD: CVE-2024-21913

REFERENCES

url:https://www.rockwellautomation.com/en-us/support/advisory.sd-1665.html

Trust: 1.6

sources: CNVD: CNVD-2024-18332 // NVD: CVE-2024-21913

SOURCES

db:CNVDid:CNVD-2024-18332
db:NVDid:CVE-2024-21913

LAST UPDATE DATE

2024-08-14T13:51:50.397000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-18332date:2024-04-17T00:00:00
db:NVDid:CVE-2024-21913date:2024-03-26T17:09:53.043

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-18332date:2024-04-17T00:00:00
db:NVDid:CVE-2024-21913date:2024-03-26T16:15:10.670