PT-2025-15457 · Rockwell Automation · Rockwell Automation Arena

Michael Heinzl

Published

2025-04-07

Updated

2025-04-08

CVE-2025-3287

CVSS v4.0

8.5

High

Vector

AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena (affected versions not specified)

Description: A local code execution issue exists due to a stack-based memory buffer overflow. This is caused by improper validation of user-supplied data. If exploited, it can lead to information disclosure and arbitrary code execution on the system. Exploitation requires a legitimate user to open a malicious DOE file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-04776

CVE-2025-3287

Affected Products

Rockwell Automation Arena

PT-2025-15457 · Rockwell Automation · Rockwell Automation Arena

CVE-2025-3287

Weakness Enumeration

Related Identifiers

Affected Products

References · 6