We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-6377

Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability



Description

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.

Reserved 2025-06-19 | Published 2025-07-09 | Updated 2025-07-09 | Assigner Rockwell


HIGH: 7.1CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

<=16.20.08
affected

References

www.rockwellautomation.com/...dvisories/advisory.SD1729.html

cve.org (CVE-2025-6377)

nvd.nist.gov (CVE-2025-6377)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-6377

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.