
ICS: Multiple Rockwell Automation Arena Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-3289 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® stemming from a stack-based memory buffer overflow. The weakness happens because the software does not properly check user-supplied data. If triggered, this flaw allows a threat actor to disclose system information and run arbitrary code. To take advantage of this issue, a legitimate user must open a malicious DOE file.

CVE-2025-3288 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® due to inadequate data validation, allowing a threat actor to read beyond the allocated memory buffer. If exploited, the vulnerability could enable a threat actor to disclose system information and execute arbitrary code. To trigger the vulnerability, a legitimate user must open a malicious DOE file, which could potentially compromise the system's security.

CVE-2025-3285 CVSS:8.5

A local code execution vulnerability has been discovered in Rockwell Automation Arena®. The flaw stems from improper validation of user-supplied data, which allows a threat actor to read outside of the allocated memory buffer. If a legitimate user opens a malicious DOE file, an attacker could potentially disclose sensitive information and execute arbitrary code on the system. This vulnerability represents a serious security risk that could compromise the integrity and confidentiality of systems running Rockwell Automation Arena.

CVE-2025-3287 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is the result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.

CVE-2025-3286 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® where a threat actor can read outside the allocated memory buffer due to improper validation of user-supplied data. If exploited, the attacker can disclose information and execute arbitrary code on the system. To trigger this vulnerability, a legitimate user must open a malicious DOE file, which allows the threat actor to perform unauthorized actions.

CVE-2025-2829 CVSS:8.5

A local code execution vulnerability has been discovered in Rockwell Automation Arena®. The issue stems from improper validation of user-supplied data, which allows a threat actor to write outside of the allocated memory buffer. If exploited, an attacker can potentially disclose system information and execute arbitrary code. To trigger this vulnerability, a legitimate user must open a malicious DOE file, enabling the threat actor to perform unauthorized actions on the system.

CVE-2025-2285 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® because of an uninitialized pointer. The flaw stems from improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To trigger the vulnerability, a legitimate user must open a malicious DOE file.

CVE-2025-2286 CVSS:8.5

A local code execution vulnerability has been discovered in Rockwell Automation Arena®. The flaw is caused by an uninitialized pointer and stems from improper validation of user-supplied data. If exploited, a threat actor could potentially disclose sensitive information and execute arbitrary code on the system. To trigger the vulnerability, a legitimate user must open a malicious DOE file.

CVE-2025-2287 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® because of an uninitialized pointer. The issue stems from improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To trigger the vulnerability, a legitimate user must open a malicious DOE file.

CVE-2025-2288 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® because of improper data validation. The flaw allows a threat actor to write outside the allocated memory buffer. If a legitimate user opens a malicious DOE file, an attacker could potentially disclose system information and execute arbitrary code on the system.

CVE-2025-2293 CVSS:8.5

A local code execution vulnerability exists in Rockwell Automation Arena® where a threat actor can write outside the allocated memory buffer due to improper validation of user-supplied data. The vulnerability allows an attacker to disclose information and execute arbitrary code on the system. To trigger the issue, a legitimate user must open a malicious DOE file, which could potentially compromise the system's security.

Impact

  • Code Execution
  • Information Disclosure
  • Buffer Overflow

Indicators of Compromise

CVE

  • CVE-2025-2285
  • CVE-2025-2286
  • CVE-2025-2287
  • CVE-2025-2288
  • CVE-2025-2293
  • CVE-2025-2829
  • CVE-2025-3285
  • CVE-2025-3286
  • CVE-2025-3287
  • CVE-2025-3288
  • CVE-2025-3289

Affected Vendors

Rockwell Automation

Affected Products

  • Rockwell Automation Arena - 16.20.08

Remediation

Refer to Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.

Rockwell Automation Security Advisory