Rockwell

Vendor security scorecard – 24 CVEs in the selected period

Risk: 133
CVEs: 24
Critical: 2
High: 22
KEV: 0
PoC: 0
Unpatched C/H: 24
Patch Rate: 0.0%
Avg EPSS: 0.2%

Severity Breakdown

CRITICAL: 2
HIGH: 22
MEDIUM: 0
LOW: 0

[Chart: Monthly CVE Trend]

Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-2285 | A local code execution vulnerability exists in Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-2287 | A local code execution vulnerability exists in Rockwell Automation Arena® due to an uninitialized pointer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-2288 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-2293 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-2829 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3285 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3286 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3287 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3288 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3289 | A local code execution vulnerability exists in Rockwell Automation Arena® due to a stack-based memory buffer overflow. Rated high severity (CVSS 8.5); no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3618 | A denial-of-service vulnerability exists in Rockwell Automation ThinManager. Rated high severity (CVSS 8.5); low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.1% | 43 | No patch |
| CVE-2025-3617 | A privilege escalation vulnerability exists in Rockwell Automation ThinManager. Rated high severity (CVSS 8.5); low attack complexity. No vendor patch available. | HIGH | 8.5 | 0.0% | 43 | No patch |
| CVE-2025-1449 | A vulnerability exists in Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. Rated high severity (CVSS 7.5); remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 7.5 | 0.4% | 38 | No patch |
| CVE-2025-0659 | A path traversal vulnerability exists in Rockwell Automation DataEdge Platform DataMosaix Private Cloud. Rated high severity (CVSS 7.0); remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 7.0 | 0.1% | – | No patch |
| CVE-2025-0477 | An encryption vulnerability exists in all versions prior to V15.00.001 of Rockwell Automation FactoryTalk® AssetCentre. Rated critical severity (CVSS 9.3); remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 1.5% | – | No patch |
