Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2285 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-2287 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-2288 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-2286 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-2293 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-2829 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-3286 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-3285 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-3287 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-3288 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2025-3289 | 1 Rockwellautomation | 1 Arena | 2025-07-14 | N/A | 7.8 HIGH |
| A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. | |||||
| CVE-2024-11364 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-07-11 | N/A | 7.3 HIGH |
| Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2025-6376 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | N/A | 7.8 HIGH |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | |||||
| CVE-2025-6377 | 1 Rockwellautomation | 1 Arena | 2025-07-11 | N/A | 7.8 HIGH |
| A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. | |||||
| CVE-2024-11158 | 1 Rockwellautomation | 1 Arena | 2025-04-18 | N/A | 6.7 MEDIUM |
| An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2024-11155 | 1 Rockwellautomation | 1 Arena | 2025-04-14 | N/A | 7.8 HIGH |
| A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2024-12672 | 2 Microsoft, Rockwellautomation | 2 Windows, Arena | 2025-04-03 | N/A | 7.3 HIGH |
| A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2024-12175 | 1 Rockwellautomation | 1 Arena | 2025-03-13 | N/A | 7.8 HIGH |
| Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2024-11157 | 1 Rockwellautomation | 1 Arena | 2025-03-13 | N/A | 7.3 HIGH |
| A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2024-21913 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. | |||||