CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3286 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-3286
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. If exploited a threat actor can disclose infor... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3285 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-3285
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. If exploited a threat actor can disclose infor... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2829 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2829
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. If exploited a threat actor can disclose inf... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2293 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2293
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. If exploited a threat actor can disclose inf... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2288 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2288
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. If exploited a threat actor can disclose inf... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2287 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2287
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. ... A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2286 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2286
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. ... A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2285 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2285
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. ... A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. ... If exploited a threat actor can disclose information and execute arbitrary code on the system. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22461 – Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-22461
08 Apr 2025 — SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. ... An attacker can leverage this vulnerability to execute code in the context of the service account. • https://forums.ivanti.com/s/article/Security-Advisory-EPM-April-2025-for-EPM-2024-and-EPM-2022-SU6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.7EPSS: 0%CPEs: -EXPL: 0CVE-2025-29999
https://notcve.org/view.php?id=CVE-2025-29999
08 Apr 2025 — This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory. • https://cert-portal.siemens.com/productcert/html/ssa-525431.html • CWE-269: Improper Privilege Management •