VYPR

Arena

by Rockwellautomation

CVEs (24)

  • CVE-2019-13510HigAug 15, 2019
    risk 0.52cvss 7.8epss 0.12

    Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.

  • CVE-2025-6377HigJul 9, 2025
    risk 0.51cvss 7.8epss 0.00

    A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the…

  • CVE-2025-6376HigJul 9, 2025
    risk 0.51cvss 7.8epss 0.00

    A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the…

  • CVE-2025-3289HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the…

  • CVE-2025-3288HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose…

  • CVE-2025-3287HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the…

  • CVE-2025-3286HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose…

  • CVE-2025-3285HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose…

  • CVE-2025-2829HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose…

  • CVE-2025-2293HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose…

  • CVE-2025-2288HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose…

  • CVE-2025-2287HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To…

  • CVE-2025-2286HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To…

  • CVE-2025-2285HigApr 8, 2025
    risk 0.51cvss 7.8epss 0.00

    A local code execution vulnerability exists in the Rockwell Automation Arena®  due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To…

  • CVE-2024-12175HigDec 19, 2024
    risk 0.51cvss 7.8epss 0.00

    Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this…

  • CVE-2024-12130HigDec 5, 2024
    risk 0.51cvss 7.8epss 0.00

    An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this…

  • CVE-2024-11156HigDec 5, 2024
    risk 0.51cvss 7.8epss 0.00

    An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute…

  • CVE-2024-11155HigDec 5, 2024
    risk 0.51cvss 7.8epss 0.00

    A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to…

  • CVE-2024-12672HigDec 19, 2024
    risk 0.47cvss 7.3epss 0.00

    A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this…

  • CVE-2024-11364HigDec 19, 2024
    risk 0.47cvss 7.3epss 0.00

    Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage…

Page 1 of 2