CVE-2024-11364

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-908
View all →

Vulnerability Description

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.

Related Vulnerabilities

CVE-2023-42797

HIGH
CVSS:7.2(High)

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices...

CWE-9082023

CVE-2008-0063

HIGH
CVSS:7.5(High)

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitiv...

CWE-9082008

CVE-2008-3688

HIGH
CVSS:7.5(High)

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an un...

CWE-9082008

CVE-2009-0949

HIGH
CVSS:7.5(High)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointe...

CWE-9082009

CVE-2017-9098

HIGH
CVSS:7.5(High)

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated b...

CWE-9082017

CVE-2018-25023

HIGH
CVSS:7.5(High)

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.

CWE-9082018