Rockwell Automation Arena vulnerabilities
41 known vulnerabilities affecting rockwellautomation/arena.
Total CVEs: 41
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 36, MEDIUM 2, LOW 1
Vulnerabilities
Page 2 of 3
CVE-2025-3286 | P3 | HIGH | CWE-125 | CVSS 7.8 | fixed in 16.20.09 | 2025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legi
nvd
CVE-2025-2829 | P3 | HIGH | CWE-787 | CVSS 7.8 | fixed in 16.20.09 | 2025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a leg
nvd
CVE-2025-3285 | P3 | HIGH | CWE-125 | CVSS 7.8 | fixed in 16.20.09 | 2025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legi
nvd
CVE-2024-21912 | P3 | HIGH | CWE-787 | CVSS 7.8 | ≥ 16.00.00, < 16.20.03 | 2024-03-26
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrit
nvd
CVE-2024-12175 | P3 | HIGH | CWE-416 | CVSS 7.8 | fixed in 16.20.07 | 2024-12-19
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must
nvd
CVE-2025-11918 | P3 | HIGH | CWE-121 | CVSS 7.3 | fixed in 16.20.11 | 2025-11-14
Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
nvd
CVE-2025-2286 | P3 | HIGH | CWE-457 | CVSS 7.8 | fixed in 16.20.09 | 2025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
nvd
CVE-2025-2287 | P3 | HIGH | CWE-457 | CVSS 7.8 | fixed in 16.20.09 | 2025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
nvd
CVE-2025-2285 | P3 | HIGH | CWE-457 | CVSS 7.8 | fixed in 16.20.09 | 2025-04-08
A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
nvd
CVE-2024-2929 | P3 | HIGH | CWE-119 | CVSS 7.8 | ≥ 16.00.00, < 16.20.03 | 2024-03-26
A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of
nvd
CVE-2024-21919 | P3 | HIGH | CWE-824 | CVSS 7.8 | ≥ 16.00.00, < 16.20.03 | 2024-03-26
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To
nvd
CVE-2023-27854 | P3 | HIGH | CWE-125 | CVSS 7.8 | fixed in 16.20.02 | 2023-10-27
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availabili
nvd
CVE-2024-21913 | P3 | HIGH | CWE-122 | CVSS 7.8 | ≥ 16.00.00, < 16.20.03 | 2024-03-26
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentia
nvd
CVE-2024-21918 | P3 | HIGH | CWE-416 | CVSS 7.8 | ≥ 16.00.00, < 16.20.03 | 2024-03-26
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability o
nvd
CVE-2024-11157 | P3 | HIGH | CWE-787 | CVSS 7.3 | fixed in 16.20.07 | 2024-12-19
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the
nvd
CVE-2024-12672 | P3 | HIGH | CWE-787 | CVSS 7.3 | ≤ 16.20.07 | 2024-12-19
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the
nvd
CVE-2023-27858 | P3 | HIGH | CWE-824 | CVSS 7.8 | fixed in 16.20.02 | 2023-10-27
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability
nvd
CVE-2024-11158 | P3 | MEDIUM | CWE-665 | CVSS 6.7 | ≤ 16.20.00 | 2024-12-05
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it is initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legiti
nvd
CVE-2024-21920 | P4 | HIGH | CWE-125 | CVSS 7.1 | ≥ 16.00.00 | 2024-03-26
A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared
nvd
CVE-2018-8843 | P4 | MEDIUM | CWE-416 | CVSS 5.5 | ≤ 15.10.00 | 2018-05-14
Rockwell Automation Arena versions 15.10.00 and prior contain a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data.
nvd