Primary

Context

Rockwell Automation Arena Out-of-Bounds Read Vulnerability Leading to Local Code Execution

Vulnerability

Patched

A local code execution vulnerability has been identified in Rockwell Automation Arena versions through 16.20.08. This vulnerability arises from improper validation of user-supplied data, allowing a threat actor to read outside the allocated memory buffer. Exploitation of this flaw could lead to the disclosure of information and the execution of arbitrary code on the affected system. To successfully exploit this vulnerability, a legitimate user must open a malicious DOE file.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure and the execution of arbitrary code on the affected system.

Remediation

Users can upgrade to Arena version 16.20.09 to address this vulnerability. For those unable to upgrade, Rockwell Automation recommends applying general security best practices where possible.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

5.6

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rockwell Automation Arena Out-of-Bounds Read Vulnerability Leading to Local Code Execution

Vulnerability

Impact

Remediation

Affected Products

Rockwell Automation Arena

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating