CVE-2025-6376 (GCVE-0-2025-6376)

Vulnerability from cvelistv5 – Published: 2025-07-09 20:13 – Updated: 2025-07-09 20:33
VLAI?
Summary
A remote code execution security issue exists in the Rockwell Automation Arena®.  A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worse case impact. This is reflected in the Rockwell CVSS score, as AT:P.
Severity ?
7.1 (High)
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
  • CWE-20 - Improper Input Validation
Assigner
References
Impacted products
Vendor Product Version
Rockwell Automation Arena® Affected: <=16.20.08
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T20:32:56.721742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T20:33:10.343Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Arena\u00ae",
          "vendor": "Rockwell Automation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c=16.20.08"
            }
          ]
        }
      ],
      "datePublic": "2025-07-09T19:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA remote\ncode execution security issue exists in the Rockwell Automation\u0026nbsp;Arena\u00ae.\u0026nbsp;\u0026nbsp;A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae.\u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software.\nIf exploited, a threat actor could execute arbitrary code on the target system.\nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T20:13:45.320Z",
        "orgId": "b73dd486-f505-4403-b634-40b078b177f0",
        "shortName": "Rockwell"
      },
      "references": [
        {
          "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Corrected in v16.20.09 and later.\u0026nbsp;"
            }
          ],
          "value": "Corrected in v16.20.09 and later."
        }
      ],
      "source": {
        "advisory": "1729",
        "discovery": "EXTERNAL"
      },
      "title": "Arena\u00ae Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
    "assignerShortName": "Rockwell",
    "cveId": "CVE-2025-6376",
    "datePublished": "2025-07-09T20:13:45.320Z",
    "dateReserved": "2025-06-19T17:03:53.212Z",
    "dateUpdated": "2025-07-09T20:33:10.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-6376\",\"sourceIdentifier\":\"PSIRT@rockwellautomation.com\",\"published\":\"2025-07-09T21:15:28.423\",\"lastModified\":\"2025-07-11T18:35:53.330\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote\\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae.\u00a0\u00a0A crafted DOE\\nfile can force Arena Simulation to write beyond the boundaries of an allocated\\nobject. Exploitation\\nrequires user interaction, such as opening a malicious file within the software.\\nIf exploited, a threat actor could execute arbitrary code on the target system.\\nThe software must run under the context of the administrator in order to cause\\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de seguridad de ejecuci\u00f3n remota de c\u00f3digo en Rockwell Automation Arena\u00ae. Un archivo DOE manipulado puede obligar a Arena Simulation a escribir m\u00e1s all\u00e1 de los l\u00edmites de un objeto asignado. Su explotaci\u00f3n requiere la interacci\u00f3n del usuario, como abrir un archivo malicioso dentro del software. Si se explota, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario en el sistema objetivo. El software debe ejecutarse bajo el contexto del administrador para causar un impacto a\u00fan mayor. Esto se refleja en la puntuaci\u00f3n CVSS de Rockwell, como AT:P.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"PSIRT@rockwellautomation.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"16.20.09\",\"matchCriteriaId\":\"B1CA47BE-FC9B-41AE-B939-C8FF636596A6\"}]}]}],\"references\":[{\"url\":\"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html\",\"source\":\"PSIRT@rockwellautomation.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6376\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-09T20:32:56.721742Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-09T20:33:02.396Z\"}}], \"cna\": {\"title\": \"Arena\\u00ae Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability\", \"source\": {\"advisory\": \"1729\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Rockwell Automation\", \"product\": \"Arena\\u00ae\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c=16.20.08\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Corrected in v16.20.09 and later.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Corrected in v16.20.09 and later.\u0026nbsp;\", \"base64\": false}]}], \"datePublic\": \"2025-07-09T19:31:00.000Z\", \"references\": [{\"url\": \"https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A remote\\ncode execution security issue exists in the Rockwell Automation\\u00a0Arena\\u00ae.\\u00a0\\u00a0A crafted DOE\\nfile can force Arena Simulation to write beyond the boundaries of an allocated\\nobject. Exploitation\\nrequires user interaction, such as opening a malicious file within the software.\\nIf exploited, a threat actor could execute arbitrary code on the target system.\\nThe software must run under the context of the administrator in order to cause\\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA remote\\ncode execution security issue exists in the Rockwell Automation\u0026nbsp;Arena\\u00ae.\u0026nbsp;\u0026nbsp;A crafted DOE\\nfile can force Arena Simulation to write beyond the boundaries of an allocated\\nobject. Exploitation\\nrequires user interaction, such as opening a malicious file within the software.\\nIf exploited, a threat actor could execute arbitrary code on the target system.\\nThe software must run under the context of the administrator in order to cause\\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P.\u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"shortName\": \"Rockwell\", \"dateUpdated\": \"2025-07-09T20:13:45.320Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-6376\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-09T20:33:10.343Z\", \"dateReserved\": \"2025-06-19T17:03:53.212Z\", \"assignerOrgId\": \"b73dd486-f505-4403-b634-40b078b177f0\", \"datePublished\": \"2025-07-09T20:13:45.320Z\", \"assignerShortName\": \"Rockwell\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.