The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena is related to insufficient verification of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code using a specially created DOE file...

CVE-2002-1931

Cross-site scripting XSS vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string...

CVE-2025-4022

A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluationharness/evaluators.py. The manipulation of the argument target"url" leads to code injection. The attack can ...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena arises from reading data beyond the buffer boundaries in memory. This allows a hacker to execute arbitrary code.

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

CVE-2025-3287 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

CVE-2025-3285 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

CVE-2025-2293 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute...

CVE-2025-2286

CVE-2025-2286 : Local code execution in Rockwell Automation Arena due to an uninitialized pointer from improper validation of user-supplied data. A legitimate user must open a malicious DOE file to exploit, enabling information disclosure and arbitrary code execution on the system. Reported remed...

CVE-2025-2286 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

CVE-2025-2286 Local Code Execution Vulnerability in Arena®

A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the...

Rockwell Automation Arena 缓冲区错误漏洞

Rockwell Automation Arena is a discrete-event simulation and automation software from Rockwell Automation USA. A local code execution vulnerability exists in Rockwell Automation Arena due to improper validation of user-supplied data. An attacker could exploit the vulnerability to disclose...

PT-2025-15443 · Rockwell Automation · Rockwell Automation Arena

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena affected versions not specified Description: A local code execution issue exists due to an uninitialized pointer, resulting from improper validation of user-supplied data. This allows a threat actor to disclose...

CVE-2024-11364 Rockwell Automation Third Party Vulnerability in Arena®

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to...

CVE-2024-12672 Rockwell Automation Third Party Vulnerability in Arena®

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...

CVE-2024-12672 Rockwell Automation Third Party Vulnerability in Arena®

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...

CVE-2024-12175

CVE-2024-12175 concerns Rockwell Automation Arena—specifically a use-after-free vulnerability in DOE file parsing that can allow code execution. The flaw occurs when the software processes a crafted DOE file, causing the program to operate on an already-used resource. Exploitation requires a legi...

CVE-2024-11157 Rockwell Automation Third Party Vulnerability in Arena

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...

CVE-2024-11157 Rockwell Automation Third Party Vulnerability in Arena

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a...

Rockwell Automation Arena 安全漏洞

Rockwell Automation Arena is a discrete event simulation and automation software from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Arena. An attacker exploiting this vulnerability could execute arbitrary code...

Rockwell Automation Arena < 16.20.06 Multiple Vulnerabilities

The version of Rockwell Automation Arena installed on the remote Windows host is prior to 16.20.06. It is, therefore, affected by a number of different vulnerabilities - A “use after free” code execution vulnerability exists in the affected products that could allow a threat actor to craft a...