CVE-2025-11918

EPSS 0.01%
Veröffentlicht 14.11.2025 13:28:39
Zuletzt bearbeitet 17.11.2025 17:48:50
Quelle PSIRT@rockwellautomation.com
CVE-Watchlists
Login
Unerledigt
Login

Rockwell Automation Arena® Simulation Stack-Based Buffer Overflow Vulnerability

Rockwell Automation Arena® suffers from a
stack-based buffer overflow vulnerability. The specific flaw exists within the
parsing of DOE files. Local attackers are able to exploit this issue to
potentially execute arbitrary code on affected installations of Arena®. Exploiting
the vulnerability requires opening a malicious DOE file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Arena Version < 16.20.11

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
PSIRT@rockwellautomation.com	7.1	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1763.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-11918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11918

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-11918