HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2025-11918

CVSS 7.1v4.0pub. 2025-11-14upd. 2025-11-17

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

CVSS Vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation Arena

    APP
    Rockwellautomation
    < 16.20.11
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2025-7033HIGH8.4ten sam produkt

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...

CVE-2025-7032HIGH8.4ten sam produkt

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...

CVE-2025-7025HIGH8.4ten sam produkt

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...

CVE-2025-6377HIGH7.1ten sam produkt

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force...

CVE-2025-6376HIGH7.1ten sam produkt

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force...