Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-6376 (GCVE-0-2025-6376)
Vulnerability from cvelistv5 – Published: 2025-07-09 20:13 – Updated: 2025-07-09 20:33
VLAI?
EPSS
Title
Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability
Summary
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rockwell Automation | Arena® |
Affected:
<=16.20.08
|
Date Public ?
2025-07-09 19:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T20:32:56.721742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T20:33:10.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena\u00ae",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "\u003c=16.20.08"
}
]
}
],
"datePublic": "2025-07-09T19:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA remote\ncode execution security issue exists in the Rockwell Automation\u0026nbsp;Arena\u00ae.\u0026nbsp;\u0026nbsp;A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae.\u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T20:13:45.320Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Corrected in v16.20.09 and later.\u0026nbsp;"
}
],
"value": "Corrected in v16.20.09 and later."
}
],
"source": {
"advisory": "1729",
"discovery": "EXTERNAL"
},
"title": "Arena\u00ae Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-6376",
"datePublished": "2025-07-09T20:13:45.320Z",
"dateReserved": "2025-06-19T17:03:53.212Z",
"dateUpdated": "2025-07-09T20:33:10.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-6376",
"date": "2026-04-21",
"epss": "0.00034",
"percentile": "0.09906"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-6376\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2025-07-09T21:15:28.423\",\"lastModified\":\"2025-07-11T18:35:53.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote\\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae.\u00a0\u00a0A crafted DOE\\nfile can force Arena Simulation to write beyond the boundaries of an allocated\\nobject. Exploitation\\nrequires user interaction, such as opening a malicious file within the software.\\nIf exploited, a threat actor could execute arbitrary code on the target system.\\nThe software must run under the context of the administrator in order to cause\\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de seguridad de ejecuci\u00f3n remota de c\u00f3digo en Rockwell Automation Arena\u00ae. Un archivo DOE manipulado puede obligar a Arena Simulation a escribir m\u00e1s all\u00e1 de los l\u00edmites de un objeto asignado. Su explotaci\u00f3n requiere la interacci\u00f3n del usuario, como abrir un archivo malicioso dentro del software. Si se explota, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema objetivo. El software debe ejecutarse bajo el contexto del administrador para causar un impacto a\u00fan mayor. Esto se refleja en la puntuaci\u00f3n CVSS de Rockwell, como AT:P.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.20.09\",\"matchCriteriaId\":\"B1CA47BE-FC9B-41AE-B939-C8FF636596A6\"}]}]}],\"references\":[{\"url\":\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6376\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-09T20:32:56.721742Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-09T20:33:02.396Z\"}}], \"cna\": {\"title\": \"Arena\\u00ae Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability\", \"source\": {\"advisory\": \"1729\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"Arena\\u00ae\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=16.20.08\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Corrected in v16.20.09 and later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Corrected in v16.20.09 and later.\u0026nbsp;\", \"base64\": false}]}], \"datePublic\": \"2025-07-09T19:31:00.000Z\", \"references\": [{\"url\": \"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A remote\\ncode execution security issue exists in the Rockwell Automation\\u00a0Arena\\u00ae.\\u00a0\\u00a0A crafted DOE\\nfile can force Arena Simulation to write beyond the boundaries of an allocated\\nobject. Exploitation\\nrequires user interaction, such as opening a malicious file within the software.\\nIf exploited, a threat actor could execute arbitrary code on the target system.\\nThe software must run under the context of the administrator in order to cause\\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA remote\\ncode execution security issue exists in the Rockwell Automation\u0026nbsp;Arena\\u00ae.\u0026nbsp;\u0026nbsp;A crafted DOE\\nfile can force Arena Simulation to write beyond the boundaries of an allocated\\nobject. Exploitation\\nrequires user interaction, such as opening a malicious file within the software.\\nIf exploited, a threat actor could execute arbitrary code on the target system.\\nThe software must run under the context of the administrator in order to cause\\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"shortName\": \"Rockwell\", \"dateUpdated\": \"2025-07-09T20:13:45.320Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-6376\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-09T20:33:10.343Z\", \"dateReserved\": \"2025-06-19T17:03:53.212Z\", \"assignerOrgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"datePublished\": \"2025-07-09T20:13:45.320Z\", \"assignerShortName\": \"Rockwell\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
GHSA-M5MV-9GVP-XVX4
Vulnerability from github – Published: 2025-07-09 21:31 – Updated: 2025-07-11 21:31
VLAI?
Details
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.
Severity ?
{
"affected": [],
"aliases": [
"CVE-2025-6376"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-09T21:15:28Z",
"severity": "HIGH"
},
"details": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae.\u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.",
"id": "GHSA-m5mv-9gvp-xvx4",
"modified": "2025-07-11T21:31:03Z",
"published": "2025-07-09T21:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6376"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
CNVD-2025-19255
Vulnerability from cnvd - Published: 2025-08-22
VLAI Severity ?
Title
Rockwell Automation Arena代码执行漏洞(CNVD-2025-19255)
Description
Rockwell Automation Arena是由Rockwell Automation开发的一款离散事件仿真软件,广泛应用于制造、物流和服务行业。
Rockwell Automation Arena存在代码执行漏洞,该漏洞源于特制DOE文件导致越界写入,攻击者可利用该漏洞执行任意代码。
Severity
高
Formal description
目前厂商尚未发布升级程序修复该安全问题,详情见厂商官网: https://www.rockwellautomation.com.cn/
Reference
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html
Impacted products
| Name | Rockwell Automation Arena |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-6376",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-6376"
}
},
"description": "Rockwell Automation Arena\u662f\u7531Rockwell Automation\u5f00\u53d1\u7684\u4e00\u6b3e\u79bb\u6563\u4e8b\u4ef6\u4eff\u771f\u8f6f\u4ef6,\u5e7f\u6cdb\u5e94\u7528\u4e8e\u5236\u9020\u3001\u7269\u6d41\u548c\u670d\u52a1\u884c\u4e1a\u3002\n\nRockwell Automation Arena\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7279\u5236DOE\u6587\u4ef6\u5bfc\u81f4\u8d8a\u754c\u5199\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.rockwellautomation.com.cn/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-19255",
"openTime": "2025-08-22",
"products": {
"product": "Rockwell Automation Arena"
},
"referenceLink": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html",
"serverity": "\u9ad8",
"submitTime": "2025-07-21",
"title": "Rockwell Automation Arena\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2025-19255\uff09"
}
FKIE_CVE-2025-6376
Vulnerability from fkie_nvd - Published: 2025-07-09 21:15 - Updated: 2025-07-11 18:35
Severity ?
Summary
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rockwellautomation | arena | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA47BE-FC9B-41AE-B939-C8FF636596A6",
"versionEndExcluding": "16.20.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae.\u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P."
},
{
"lang": "es",
"value": "Existe un problema de seguridad de ejecuci\u00f3n remota de c\u00f3digo en Rockwell Automation Arena\u00ae. Un archivo DOE manipulado puede obligar a Arena Simulation a escribir m\u00e1s all\u00e1 de los l\u00edmites de un objeto asignado. Su explotaci\u00f3n requiere la interacci\u00f3n del usuario, como abrir un archivo malicioso dentro del software. Si se explota, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema objetivo. El software debe ejecutarse bajo el contexto del administrador para causar un impacto a\u00fan mayor. Esto se refleja en la puntuaci\u00f3n CVSS de Rockwell, como AT:P."
}
],
"id": "CVE-2025-6376",
"lastModified": "2025-07-11T18:35:53.330",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
}
]
},
"published": "2025-07-09T21:15:28.423",
"references": [
{
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
}
],
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-202507-0649
Vulnerability from variot - Updated: 2025-10-16 23:21A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0649",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.09"
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.20.09"
},
{
"model": "arena",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Simon (@esj4y) Janz",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
}
],
"trust": 0.7
},
"cve": "CVE-2025-6376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-19255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-6376",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-6376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-6376",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-6376",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2025-6376",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2025-6376",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-6376",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-19255",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae. \u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software. \nIf exploited, a threat actor could execute arbitrary code on the target system. \nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-6376"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-6376",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-26556",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-836",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-19255",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"id": "VAR-202507-0649",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19255"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19255"
}
]
},
"last_update_date": "2025-10-16T23:21:30.371000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1729.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-6376"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-13T00:00:00",
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"date": "2025-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"date": "2025-07-09T21:15:28.423000",
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-13T00:00:00",
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"date": "2025-07-15T01:29:00",
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"date": "2025-07-11T18:35:53.330000",
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0Arena\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
}
],
"trust": 0.8
}
}
BDU:2025-08441
Vulnerability from fstec - Published: 09.07.2025
VLAI Severity ?
Title
Уязвимость программного обеспечения для дискретного моделирования событий и автоматизации Rockwell Automation Arena, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость программного обеспечения для дискретного моделирования событий и автоматизации Rockwell Automation Arena связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код с помощью специально созданного DOE-файла
Severity ?
Vendor
Rockwell Automation Inc.
Software Name
Rockwell Automation Arena
Software Version
до 16.20.09 (Rockwell Automation Arena)
Possible Mitigations
Использование рекомендаций:
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html
Reference
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html
CWE
CWE-20, CWE-787
{
"CVSS 2.0": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": "AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Rockwell Automation Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 16.20.09 (Rockwell Automation Arena)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.07.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-08441",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-6376",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Rockwell Automation Arena",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0438\u0441\u043a\u0440\u0435\u0442\u043d\u043e\u0433\u043e \u043c\u043e\u0434\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 Rockwell Automation Arena, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0434\u0438\u0441\u043a\u0440\u0435\u0442\u043d\u043e\u0433\u043e \u043c\u043e\u0434\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u043e\u0431\u044b\u0442\u0438\u0439 \u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0437\u0430\u0446\u0438\u0438 Rockwell Automation Arena \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e DOE-\u0444\u0430\u0439\u043b\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
ICSA-24-345-06
Vulnerability from csaf_cisa - Published: 2024-12-10 07:00 - Updated: 2026-02-03 07:00Summary
Rockwell Automation Arena (Update B)
Notes
Legal Notice and Terms of Use: This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Risk evaluation: Successful exploitation of these vulnerabilities could result in execution of arbitrary code.
Critical infrastructure sectors: Critical Manufacturing
Countries/areas deployed: Worldwide
Company headquarters location: United States
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Recommended Practices: Do not click web links or open attachments in unsolicited email messages.
Recommended Practices: Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Recommended Practices: Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.8 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.0 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
7.0 (High)
Mitigation
Rockwell Automation recommends users upgrade to V16.20.09 or later.
Mitigation
Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.
Vendor Fix
Do not load untrusted Arena model files.
Mitigation
Hold the control key down when loading files to help prevent the VBA file stream from loading.
Mitigation
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
https://rockwellautomation.custhelp.com/app/answe…
Mitigation
Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
https://www.cisa.gov/stakeholder-specific-vulnera…
Mitigation
For more information about these issues, please see the Rockwell Automation security advisory.
https://www.rockwellautomation.com/en-us/trust-ce…
References
Acknowledgments
TecSecurity
Rocco Calvi
Trend Micro Zero Day Initiative
Mat Powell
{
"document": {
"acknowledgments": [
{
"names": [
"Rocco Calvi"
],
"organization": "TecSecurity",
"summary": "reported these vulnerabilities to Trend Micro Zero Day Initiative"
},
{
"names": [
"Mat Powell"
],
"organization": "Trend Micro Zero Day Initiative",
"summary": "reported these vulnerabilities to Rockwell Automation"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
"title": "Legal Notice and Terms of Use"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in execution of arbitrary code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Do not click web links or open attachments in unsolicited email messages.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. These vulnerabilities are not exploitable remotely.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-345-06 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-345-06.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-345-06 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-06"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/secure-our-world/teach-employees-avoid-phishing"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks"
}
],
"title": "Rockwell Automation Arena (Update B)",
"tracking": {
"current_release_date": "2026-02-03T07:00:00.000000Z",
"generator": {
"date": "2026-02-02T21:14:52.807788Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-345-06",
"initial_release_date": "2024-12-10T07:00:00.000000Z",
"revision_history": [
{
"date": "2024-12-10T07:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-01-09T07:00:00.000000Z",
"legacy_version": "Update A",
"number": "2",
"summary": "Update A - Added CVE-2024-11157, CVE-2024-12175, CVE-2024-12672, and CVE-2024-11364."
},
{
"date": "2026-02-03T07:00:00.000000Z",
"legacy_version": "Update B",
"number": "3",
"summary": "Update B - Added CVE-2025-6376, CVE-2025-6377, updated affected products and mitigations."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.00",
"product": {
"name": "Rockwell Automation Arena: \u003c=16.20.00",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Arena"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.03",
"product": {
"name": "Rockwell Automation Arena: \u003c=16.20.03",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Arena"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.05",
"product": {
"name": "Rockwell Automation Arena: \u003c=16.20.05",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Arena"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.06",
"product": {
"name": "Rockwell Automation Arena: \u003c=16.20.06",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Arena"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.08",
"product": {
"name": "Rockwell Automation Arena: \u003c=16.20.08",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Arena"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.07",
"product": {
"name": "Rockwell Automation Arena 32 bit: \u003c=16.20.07",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Arena 32 bit"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=16.20.06",
"product": {
"name": "Rockwell Automation Arena 32 bit: \u003c=16.20.06",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Arena 32 bit"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11155",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A \"use after free\" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11155"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2024-11156",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An \"out of bounds write\" code execution vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11156"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2024-11158",
"cwe": {
"id": "CWE-665",
"name": "Improper Initialization"
},
"notes": [
{
"category": "summary",
"text": "An \"uninitialized variable\" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to access a variable before it is initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/665.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11158"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2024-12130",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An \"out of bounds read\" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12130"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2024-11157",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A third-party vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11157"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2024-12175",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "Another \"use after free\" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12175"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0004"
]
}
]
},
{
"cve": "CVE-2024-12672",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "summary",
"text": "A third-party vulnerability exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1395.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12672"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0006"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0006"
]
}
]
},
{
"cve": "CVE-2024-11364",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "summary",
"text": "Another \"uninitialized variable\" code execution vulnerability exists in the affected products that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0007"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/1395.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11364"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0007"
]
}
]
},
{
"cve": "CVE-2025-6377",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A remote code execution security issue exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6377"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2025-6376",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A remote code execution security issue exists in the affected products that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "cwe.mitre.org",
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"category": "external",
"summary": "www.cve.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6376"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell Automation recommends users upgrade to V16.20.09 or later.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "Do not load untrusted Arena model files.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "Hold the control key down when loading files to help prevent the VBA file stream from loading.",
"product_ids": [
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight"
},
{
"category": "mitigation",
"details": "Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc"
},
{
"category": "mitigation",
"details": "For more information about these issues, please see the Rockwell Automation security advisory.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0005"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…