Rockwell Automation Arena Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Rockwell Automation Arena Simulation versions 16.20.08 and earlier. The issue arises from improper input validation, allowing a crafted DOE file to cause the application to write outside the boundaries of an allocated object. Exploitation of this vulnerability requires user interaction, such as opening a malicious file within the software. If successfully exploited, a threat actor could execute arbitrary code on the target system, with the potential for more severe consequences if the software is running with administrative privileges.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users are advised to update to Arena Simulation version 16.20.09 or later. For those unable to upgrade, Rockwell Automation recommends applying security best practices.

Added: Jul 9, 2025, 9:17 PM
Updated: Jul 9, 2025, 9:17 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 10.0
exploitability: 4.0
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.