Rockwell Arena® Simulation Out-Of-Bounds Write Remote Code Execution Vulnerability

Monitor7.8SD1729Jul 9, 2025

Summary

Rockwell Arena Simulation contains an out-of-bounds write vulnerability that could allow remote code execution. The vulnerability exists in all versions of the product.

What this means

What could happen

An attacker could execute arbitrary code on systems running Arena Simulation, potentially allowing them to manipulate simulation parameters, inject false data into process models, or compromise the integrity of control system design and testing environments.

Who's at risk

This affects any organization using Rockwell Arena Simulation for control system modeling, simulation, and design validation. This includes utilities, manufacturers, and engineering firms that use Arena to test PLC logic, process flows, and automation sequences before deployment to live systems.

How it could be exploited

An attacker with network access to Arena Simulation could send a specially crafted request that triggers an out-of-bounds write condition in memory. By writing to memory outside the intended buffer, the attacker could overwrite executable code and achieve remote code execution on the system running Arena Simulation.

Prerequisites

Network access to Arena Simulation service/port
Arena Simulation installed and running
No authentication required to trigger the vulnerability

remotely exploitableno authentication requiredno patch availableaffects design/testing environments

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

Arena Simulation Out-Of-BoundsAll versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDIsolate Arena Simulation systems from external network access using firewall rules—restrict connections to authorized engineering workstations only

WORKAROUNDDisable Arena Simulation services if not actively in use

Mitigations - no patch available

0/1

Arena Simulation Out-Of-Bounds has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMonitor the Rockwell Automation security advisory page for patched versions when they become available

CVEs (2)

CVE-2025-6377 CVE-2025-6376

View full Rockwell Automation advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/77c6a2ba-a563-40c5-8504-666ca7b4442c