cbcvebase.

Rockwell Automation Arena Simulation vulnerabilities

15 known vulnerabilities affecting rockwell_automation/arena_simulation.

Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH13

Vulnerabilities

Page 1 of 1
CVE-2023-29460P3CRITICALCVSS 9.8≥ 16.00, ≤ 16.202023-05-09
CVE-2023-29460 [CRITICAL] CWE-125 CVE-2023-29460: An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation softwa An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.
nvd
CVE-2023-29461P3CRITICALCVSS 9.8≥ 16.00, ≤ 16.202023-05-09
CVE-2023-29461 [CRITICAL] CWE-125 CVE-2023-29461: An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation softwa An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availabil
nvd
CVE-2023-29462P3HIGHCVSS 8.8≥ 16.00, ≤ 16.202023-05-09
CVE-2023-29462 [HIGH] CWE-787 CVE-2023-29462: An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation softwa An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability.
nvd
CVE-2025-7033P3HIGHCVSS 7.8v16.20.09 and prior2025-08-05
CVE-2025-7033 [HIGH] CWE-122 CVE-2025-7033: A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Ar A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
nvd
CVE-2025-7032P3HIGHCVSS 7.8v16.20.09 and prior2025-08-05
CVE-2025-7032 [HIGH] CWE-121 CVE-2025-7032: A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Ar A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
nvd
CVE-2025-7025P3HIGHCVSS 7.8v16.20.09 and prior2025-08-05
CVE-2025-7025 [HIGH] CWE-122 CVE-2025-7025: A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Ar A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.
nvd
CVE-2024-21912P3HIGHCVSS 7.8vVersion 16.00 - 16.20.022024-03-26
CVE-2024-21912 [HIGH] CWE-787 CVE-2024-21912: An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malic An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrit
nvd
CVE-2025-11918P3HIGHCVSS 7.3vVersion 16.20.10 and prior2025-11-14
CVE-2025-11918 [HIGH] CWE-121 CVE-2025-11918: Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific fl Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
nvd
CVE-2024-2929P3HIGHCVSS 7.8vVersion 16.00 - 16.20.022024-03-26
CVE-2024-2929 [HIGH] CWE-119 CVE-2024-2929: A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentiall A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of
nvd
CVE-2024-21919P3HIGHCVSS 7.8vVersion 16.00 - 16.20.022024-03-26
CVE-2024-21919 [HIGH] CWE-824 CVE-2024-21919: An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To
nvd
CVE-2023-27854P3HIGHCVSS 7.8vAll versions before 16.20.02 Patch2023-10-27
CVE-2023-27854 [HIGH] CWE-125 CVE-2023-27854: An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation t An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availabili
nvd
CVE-2024-21913P3HIGHCVSS 7.8vVersion 16.00 - 16.20.022024-03-26
CVE-2024-21913 [HIGH] CWE-122 CVE-2024-21913: A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentia
nvd
CVE-2024-21918P3HIGHCVSS 7.8vVersion 16.00 - 16.20.022024-03-26
CVE-2024-21918 [HIGH] CWE-416 CVE-2024-21918: A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially al A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability o
nvd
CVE-2023-27858P3HIGHCVSS 7.8vAll versions before the 16.20.02 Patch2023-10-27
CVE-2023-27858 [HIGH] CWE-824 CVE-2023-27858: Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability
nvd
CVE-2024-21920P4HIGHCVSS 7.1vVersion 16.00 - 16.20.022024-03-26
CVE-2024-21920 [HIGH] CWE-125 CVE-2024-21920: A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a thr A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared
nvd
Rockwell Automation Arena Simulation vulnerabilities | cvebase