HIGH✓ PATCH🇬🇧 English

CVE-2025-11918

CVSS 7.1v4.0pub. 2025-11-14upd. 2025-11-17

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.

oryginał EN
CVSS Vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rockwellautomation Arena

    APP
    Rockwellautomation
    < 16.20.11
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2025-7033HIGH8.4ten sam produkt

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...

CVE-2025-7032HIGH8.4ten sam produkt

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...

CVE-2025-7025HIGH8.4ten sam produkt

A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...

CVE-2025-6377HIGH7.1ten sam produkt

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force...

CVE-2025-6376HIGH7.1ten sam produkt

A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force...