CVE-2024-11364

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-11364
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*
History

11 Jul 2025, 20:03

Type Values Removed Values Added
First Time Microsoft windows
Microsoft
CPE cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:x32:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*
cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*

21 Jan 2025, 21:26

Type Values Removed Values Added
References () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html - () https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html - Vendor Advisory
CPE cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:x32:*
First Time Rockwellautomation arena
Rockwellautomation
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
Summary
  • (es) Existe otra vulnerabilidad de ejecución de código de “variable no inicializada” en Rockwell Automation Arena® que podría permitir que un actor de amenazas manipular un archivo DOE y obligue al software a acceder a una variable antes de que se inicialice. Si se explota, un actor de amenazas podría aprovechar esta vulnerabilidad para ejecutar código arbitrario. Para explotar esta vulnerabilidad, un usuario legítimo debe ejecutar el código malicioso manipulado por el actor de amenazas.
CWE CWE-908

19 Dec 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-19 21:15

Updated : 2025-07-11 20:03

NVD link : CVE-2024-11364

Mitre link : CVE-2024-11364

CVE.ORG link : CVE-2024-11364

JSON object : View

Products Affected

microsoft

  • windows

rockwellautomation

  • arena
CWE
CWE-908

Use of Uninitialized Resource