Rockwell Automation Arena Local Code Execution Vulnerability

Vulnerability

A local code execution vulnerability has been identified in Rockwell Automation Arena versions through 16.20.08. This vulnerability arises from a stack-based memory buffer overflow, caused by improper validation of user-supplied data. Exploitation of this flaw allows a threat actor to disclose information and execute arbitrary code on the affected system. To successfully exploit this vulnerability, a legitimate user must open a malicious DOE file.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure and the execution of arbitrary code on the affected system.

Remediation

Users can upgrade to Rockwell Automation Arena version 16.20.09 to address this vulnerability. For those unable to upgrade, applying security best practices is recommended.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 5.6
exploitability: 3.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.