IM
IronMonkey Threat Research
‹ Back to ICS Advisories

Rockwell Automation Arena

HIGH
CVSS 7.8
Date 2026-07-16T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation these vulnerabilities could allow an attacker to execute arbitrary code in the context of the current process.

// Vulnerabilities (4)

CVE ID CVSS Score Severity Description
CVE-2026-8313 7.8 high
A security issue exists within Arena Simulation due to a memory corruption vulnerability in the linker.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.
CVE-2026-8314 7.8 high
A security issue exists within Arena Simulation due to a memory corruption vulnerability in the siman.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.
CVE-2026-8312 7.8 high
A security issue exists within Arena Simulation due to a memory corruption vulnerability in the expmt.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.
CVE-2026-8085 7.8 high
A security issue exists within Arena Simulation due to a memory corruption vulnerability in the model.exe (Siman) component. The vulnerability stems from improper validation of user-supplied data, which can result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process by convincing a user to open a malicious file.

// Remediations (1)

Mitigation: Rockwell Automation recommends users to update to V17.00.01
Rockwell Automation recommends users to update to V17.00.01

// References