CVE-2024-21920

Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow

Description

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.

Remediation

Workaround:

  • * Do not open untrusted files from unknown sources. * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight  to minimize the risk of the vulnerability.

Category

4.4
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.01%
Affected: Rockwell Automation Arena Simulation
Published at:
Updated at:

References

Link Tags
https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html broken link

Frequently Asked Questions

What is the severity of CVE-2024-21920?
CVE-2024-21920 has been scored as a medium severity vulnerability.
How to fix CVE-2024-21920?
As a workaround for remediating CVE-2024-21920: * Do not open untrusted files from unknown sources. * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight  to minimize the risk of the vulnerability.
Is CVE-2024-21920 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-21920 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-21920?
CVE-2024-21920 affects Rockwell Automation Arena Simulation.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.