PT-2025-15458 · Rockwell Automation · Rockwell Automation Arena
Michael Heinzl
·
Published
2025-04-08
·
Updated
2025-04-08
·
CVE-2025-3288
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Rockwell Automation Arena (affected versions not specified)
Description:
A local code execution issue exists due to a threat actor being able to read outside of the allocated memory buffer. This is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the issue, a legitimate user must open a malicious DOE file.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rockwell Automation Arena