CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2287 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2287
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2286 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2286
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2285 – Local Code Execution Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2025-2285
08 Apr 2025 — A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file. A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html • CWE-457: Use of Uninitialized Variable •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12672 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-12672
19 Dec 2024 — A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated ... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11157 – Rockwell Automation Third Party Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-11157
19 Dec 2024 — A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User inte... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11364 – Rockwell Automation Third Party Vulnerability in Arena®
https://notcve.org/view.php?id=CVE-2024-11364
19 Dec 2024 — Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected i... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-908: Use of Uninitialized Resource •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12175 – Rockwell Automation Code Execution Vulnerability in Arena
https://notcve.org/view.php?id=CVE-2024-12175
19 Dec 2024 — Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Roc... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-416: Use After Free •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12130 – Rockwell Automation Arena® Out of Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2024-12130
05 Dec 2024 — An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installa... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11158 – Rockwell Automation Arena® Uninitialized Vulnerability
https://notcve.org/view.php?id=CVE-2024-11158
05 Dec 2024 — An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installa... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-665: Improper Initialization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11156 – Rockwell Automation Arena® Out of Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2024-11156
05 Dec 2024 — An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation A... • https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html • CWE-787: Out-of-bounds Write •