Skip to main content

Arena

45 CVEs product

Monthly

CVE-2026-8314 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the siman.exe (Siman) simulation-language component, which mishandles user-supplied data when parsing a model file. An attacker who convinces a user to open a crafted Arena file can run code in the context of that user's process. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently theoretical rather than actively exploited.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8313 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the linker.exe (Siman) component, which fails to properly validate user-supplied data parsed from simulation model files. A local attacker who convinces a user to open a specially crafted Arena file can corrupt memory and run code in the context of the current user. No public exploit has been identified at time of analysis, the issue is not in CISA KEV, and no EPSS score was provided, so real-world exploitation appears theoretical rather than observed.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8312 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the expmt.exe (Siman) component, which fails to validate user-supplied data when parsing model/experiment files. A local attacker who convinces an engineer to open a malicious Arena file can run code in the context of the current user. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; it was self-reported by Rockwell's PSIRT (advisory SD1784).

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-8085 HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided, so real-world exploitation appears limited to social-engineering-driven targeting.

Buffer Overflow Memory Corruption RCE Arena
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-11918 HIGH This Month

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-7033 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-7032 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Buffer Overflow Stack Overflow Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-7025 HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-6377 HIGH This Week

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

RCE Arena
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-6376 HIGH This Week

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

RCE Arena
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-3289 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3288 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3287 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3286 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-3285 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2829 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2293 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2288 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2287 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2286 HIGH This Month

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-2285 HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2024-12672 HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12175 HIGH This Week

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11364 HIGH This Week

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11157 HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-12130 HIGH This Week

An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell RCE Arena
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2024-11158 HIGH This Week

An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-11156 HIGH This Week

An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-11155 HIGH This Week

A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption RCE Denial Of Service +1
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-2929 HIGH This Week

A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21920 HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-21919 HIGH This Week

An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21918 HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Use After Free Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21913 HIGH This Week

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-21912 HIGH This Week

An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27858 HIGH This Week

Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27854 HIGH This Week

An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29462 HIGH This Week

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell RCE Arena
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-29461 CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29460 CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-13527 HIGH This Week

In Rockwell Automation Arena Simulation Software Cat. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Memory Corruption Arena
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2019-15567 CRITICAL PATCH Act Now

OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Arena
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2019-13511 LOW Monitor

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Arena
NVD
CVSS 3.1
3.3
EPSS
5.8%
CVE-2019-13510 HIGH This Week

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Memory Corruption Use After Free Rockwell +1
NVD
CVSS 3.0
7.8
EPSS
12.0%
CVE-2018-8843 MEDIUM This Month

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Denial Of Service Use After Free Arena
NVD
CVSS 3.0
5.5
EPSS
2.0%
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the siman.exe (Siman) simulation-language component, which mishandles user-supplied data when parsing a model file. An attacker who convinces a user to open a crafted Arena file can run code in the context of that user's process. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, so risk is currently theoretical rather than actively exploited.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the linker.exe (Siman) component, which fails to properly validate user-supplied data parsed from simulation model files. A local attacker who convinces a user to open a specially crafted Arena file can corrupt memory and run code in the context of the current user. No public exploit has been identified at time of analysis, the issue is not in CISA KEV, and no EPSS score was provided, so real-world exploitation appears theoretical rather than observed.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the expmt.exe (Siman) component, which fails to validate user-supplied data when parsing model/experiment files. A local attacker who convinces an engineer to open a malicious Arena file can run code in the context of the current user. No public exploit has been identified at time of analysis, and the flaw is not listed in CISA KEV; it was self-reported by Rockwell's PSIRT (advisory SD1784).

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Arbitrary code execution in Rockwell Automation Arena Simulation is possible through an out-of-bounds write in the model.exe (Siman) component when a victim opens a maliciously crafted simulation model file. The flaw lets an attacker run code in the context of the current user by tricking an operator or engineer into opening a booby-trapped file, making it a client-side, file-delivery RCE rather than a remotely reachable network service bug. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided, so real-world exploitation appears limited to social-engineering-driven targeting.

Buffer Overflow Memory Corruption RCE +1
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required. No vendor patch available.

Stack Overflow Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.4
HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

RCE Arena
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

RCE Arena
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Buffer Overflow +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Arena
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Arena
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell RCE Arena
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Arena
NVD
EPSS 0% CVSS 8.5
HIGH This Week

An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell +2
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already. Rated high severity (CVSS 8.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Use After Free Memory Corruption +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell Arena
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rockwell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Use After Free Rockwell +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Rockwell +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Rockwell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 5% CVSS 7.8
HIGH This Week

In Rockwell Automation Arena Simulation Software Cat. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Memory Corruption +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

OpenForis Arena before 2019-05-07 allows SQL injection in the sorting feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Arena
NVD GitHub
EPSS 6% CVSS 3.3
LOW Monitor

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Arena
NVD
EPSS 12% CVSS 7.8
HIGH This Week

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Memory Corruption +3
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Rockwell Denial Of Service +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy