Description

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data.  If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.

Related CPE's

Could not find any relations

References

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html

Weaknesses

[email protected]

Secondary
CWE-787

CVSS impact metrics

Missing metrics for CVSS V

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2025-04-08T16:15:26.887

1 month ago

Last modified

2025-04-08T18:13:53.347

1 month ago