CVE-2025-6377
HIGH
7.8
Our Analysis: Embedded
Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.
Published Date
July 9, 2025
Last Modified
July 11, 2025
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
A remote
code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE
file can force Arena Simulation to write beyond the boundaries of an allocated
object. Exploitation
requires user interaction, such as opening a malicious file within the software.
If exploited, a threat actor could execute arbitrary code on the target system.
The software must run under the context of the administrator in order to cause
worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.