VYPR

Arena

by Rockwellautomation

CVEs (24)

  • CVE-2024-11157HigDec 19, 2024
    risk 0.47cvss 7.3epss 0.00

    A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this…

  • CVE-2024-11158MedDec 5, 2024
    risk 0.44cvss 6.7epss 0.00

    An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage…

  • CVE-2018-8843MedMay 14, 2018
    risk 0.36cvss 5.5epss 0.02

    Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data..

  • CVE-2025-11918Nov 14, 2025
    risk 0.00cvss epss 0.00

    Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting…

Page 2 of 2