Rockwell Automation Arena
cpe:2.3:a:rockwellautomation:arena_simulation:*:*:*:*:*:*:*
- <= 16.20.08
A local code execution vulnerability has been identified in Rockwell Automation Arena versions through 16.20.08. This vulnerability allows a threat actor to write outside of the allocated memory buffer, leading to the execution of arbitrary code and the potential disclosure of information. The issue arises from improper validation of user-supplied data. Exploitation of this vulnerability requires a legitimate user to open a malicious DOE file.
Exploitation of this vulnerability could result in unauthorized information disclosure and the execution of arbitrary code on the affected system.
Users can upgrade to Arena version 16.20.09 or later to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends applying general security best practices where possible.