Primary

Context

Rockwell Automation Arena Local Code Execution Vulnerability

Vulnerability

Patched

A local code execution vulnerability has been identified in Rockwell Automation Arena versions through 16.20.08. This vulnerability arises from an uninitialized pointer, which results in improper validation of user-supplied data. Exploitation of this flaw allows a threat actor to disclose information and execute arbitrary code on the system. To trigger this vulnerability, a legitimate user must open a malicious DOE file.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure and the execution of arbitrary code on the affected system.

Remediation

Users can upgrade to Arena version 16.20.09 to address this vulnerability. For those unable to upgrade, it is recommended to follow general security best practices.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

8.1

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

8.1

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation Arena Local Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Rockwell Automation Arena

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating