Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of Arena®. Exploiting the vulnerability requires opening a malicious DOE file.
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XRockwellautomation Arena
APPRockwellautomation< 16.20.11
Related vulnerabilities
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...
A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simula...
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force...
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force...