Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
File-open RCE needs no attacker privileges (PR:N) but requires the victim to open a crafted file (UI:R) locally (AV:L); full code execution yields C/I/A:H, differing from vendor's PR:L.
Primary rating from Vendor (rockwellautomation).
CVSS VectorVendor: rockwellautomation
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A security issue exists within Arena® Simulation due to a memory corruption vulnerability in the model.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.
AnalysisAI
Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open an attacker-supplied malicious Arena Simulation model file that is parsed by the model.exe (Siman) component - the specific triggering condition is malformed/oversized user-supplied data in that model file causing an out-of-bounds write. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 base score is 7.0 with vector AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H - a local attack vector requiring some privilege and passive user interaction, with high confidentiality, integrity, and availability impact but no scope change to other systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious Arena Simulation model file that triggers the out-of-bounds write in the Siman parser and emails it to a plant or process engineer, perhaps disguised as a shared simulation project. When the victim opens the file in Arena, the malformed data corrupts memory in model.exe and executes attacker-supplied code with the privileges of the logged-in user. … |
| Remediation | Apply the update described in Rockwell Automation Security Advisory SD1784 (https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1784.html); a patch is available per the vendor advisory, but no exact fixed version number was included in the provided data, so confirm and install the specific patched build listed by Rockwell. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all systems running Rockwell Arena Simulation and document all external sources of simulation model files. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that
OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. Rated critical severity (CVSS 9.8), this
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflo
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read o
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflo
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read o
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read o
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write
A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43668
GHSA-269w-m449-w5rg