Rockwell Automation Arena Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Rockwell Automation Arena Simulation, in versions through 16.20.10. The vulnerability arises in the parsing of DOE files and could allow local attackers to execute arbitrary code on affected installations. Exploitation requires that a malicious DOE file be opened.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the affected system.

Remediation

Users can upgrade to Arena Simulation version 16.20.11 or later to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends following their security best practices.

Added: Nov 14, 2025, 2:20 PM
Updated: Nov 14, 2025, 4:57 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.