CVE-2025-6377
Severity CVSS v4.0: HIGH
Type: CWE-20 Input Validation
Publication date: 09/07/2025
Last modified: 10/07/2025
Description
A remote code execution security issue exists in the Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P.
Impact
Base Score 4.0: 7.10
Severity 4.0: HIGH