Primary

Context

Rockwell Automation Arena Local Code Execution Vulnerability

Vulnerability

Patched

A local code execution vulnerability has been identified in Rockwell Automation Arena versions through 16.20.08. The issue arises from an uninitialized pointer, leading to improper validation of user-supplied data. This vulnerability allows a legitimate user to open a malicious DOE file, which could result in the disclosure of information and the execution of arbitrary code on the system.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure and the execution of arbitrary code on the affected system.

Remediation

Users can upgrade to Arena version 16.20.09 to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends applying general security best practices where possible.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation Arena Local Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Rockwell Automation Arena

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating