The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena arises from reading data beyond the buffer boundaries in memory. This allows a hacker to execute arbitrary code.

🗓️ 23 Apr 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Rockwell Arena vulnerability allows reading beyond buffer boundaries to execute code via a DOE file.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-3287	8 Apr 202515:47	–	circl
CNNVD	Rockwell Automation Arena 缓冲区错误漏洞	8 Apr 202500:00	–	cnnvd
CNVD	Rockwell Automation Arena Local Code Execution Vulnerability (CNVD-2025-21435)	18 Apr 202500:00	–	cnvd
CVE	CVE-2025-3287	8 Apr 202515:29	–	cve
Cvelist	CVE-2025-3287 Local Code Execution Vulnerability in Arena®	8 Apr 202515:29	–	cvelist
EUVD	EUVD-2025-10276	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Rockwell Automation Arena	14 Apr 202511:29	–	ncsc
NVD	CVE-2025-3287	8 Apr 202516:15	–	nvd
OSV	CVE-2025-3287	8 Apr 202516:15	–	osv
RedhatCVE	CVE-2025-3287	10 Apr 202516:18	–	redhatcve

Vulners

Node

rockwell_automation rockwell_automation_arenaRange<16.20.09

Source	Link
rockwellautomation	www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2025041437
web	www.web.nvd.nist.gov/view/vuln/detail

23 Apr 2025 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 27.2

CVSS 37.8

EPSS0.00202

Rockwell Arena buffer overflow design of experiments