

Severity
High
Analysis Summary
CVE-2025-3289 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® stemming from a stack-based memory buffer overflow. The weakness happens because the software does not properly check user-supplied data. If triggered, this flaw allows a threat actor to disclose system information and run arbitrary code. To take advantage of this issue, a legitimate user must open a malicious DOE file.
CVE-2025-3288 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® due to inadequate data validation, allowing a threat actor to read beyond the allocated memory buffer. If exploited, the vulnerability could enable a threat actor to disclose system information and execute arbitrary code. To trigger the vulnerability, a legitimate user must open a malicious DOE file, which could potentially compromise the system's security.
CVE-2025-3285 CVSS:8.5
A local code execution vulnerability has been discovered in Rockwell Automation Arena®. The flaw stems from improper validation of user-supplied data, which allows a threat actor to read outside of the allocated memory buffer. If a legitimate user opens a malicious DOE file, an attacker could potentially disclose sensitive information and execute arbitrary code on the system. This vulnerability represents a serious security risk that could compromise the integrity and confidentiality of systems running Rockwell Automation Arena.
CVE-2025-3287 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is the result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
CVE-2025-3286 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® where a threat actor can read outside the allocated memory buffer due to improper validation of user-supplied data. If exploited, the attacker can disclose information and execute arbitrary code on the system. To trigger this vulnerability, a legitimate user must open a malicious DOE file, which allows the threat actor to perform unauthorized actions.
CVE-2025-2829 CVSS:8.5
A local code execution vulnerability has been discovered in Rockwell Automation Arena®. The issue stems from improper validation of user-supplied data, which allows a threat actor to write outside of the allocated memory buffer. If exploited, an attacker can potentially disclose system information and execute arbitrary code. To trigger this vulnerability, a legitimate user must open a malicious DOE file, enabling the threat actor to perform unauthorized actions on the system.
CVE-2025-2285 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® because of an uninitialized pointer. The flaw stems from improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To trigger the vulnerability, a legitimate user must open a malicious DOE file.
CVE-2025-2286 CVSS:8.5
A local code execution vulnerability has been discovered in Rockwell Automation Arena®. The flaw stems from an uninitialized pointer and improper validation of user-supplied data. If exploited, a threat actor could potentially disclose sensitive information and execute arbitrary code on the system. To trigger the vulnerability, a legitimate user must open a malicious DOE file.
CVE-2025-2287 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® because of an uninitialized pointer. The issue stems from improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To trigger the vulnerability, a legitimate user must open a malicious DOE file.
CVE-2025-2288 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® because of improper data validation. The flaw allows a threat actor to write outside the allocated memory buffer. If a legitimate user opens a malicious DOE file, an attacker could potentially disclose system information and execute arbitrary code on the system.
CVE-2025-2293 CVSS:8.5
A local code execution vulnerability exists in Rockwell Automation Arena® where a threat actor can write outside the allocated memory buffer due to improper validation of user-supplied data. The vulnerability allows an attacker to disclose information and execute arbitrary code on the system. To trigger the issue, a legitimate user must open a malicious DOE file, which could potentially compromise the system's security.
Impact
- Code Execution
- Information Disclosure
- Buffer Overflow
Indicators of Compromise
CVE
CVE-2025-2285
CVE-2025-2286
CVE-2025-2287
CVE-2025-2288
CVE-2025-2293
CVE-2025-2829
CVE-2025-3285
CVE-2025-3286
CVE-2025-3287
CVE-2025-3288
CVE-2025-3289
Affected Vendors
- Rockwell Automation
Affected Products
- Rockwell Automation Arena - 16.20.08
Remediation
Refer to Rockwell Automation Security Advisory for patch, upgrade, or suggested workaround information.