ICSA-25-100-07 · Published 2025-05-06 · View on CISA ICS-CERT ↗

Rockwell Automation Arena

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could disclose information to an attacker or allow execution of arbitrary code on the system.

CVEs (11)

CVE-2025-2285 CVE-2025-2286 CVE-2025-2287 CVE-2025-2288 CVE-2025-2293 CVE-2025-2829 CVE-2025-3285 CVE-2025-3286 CVE-2025-3287 CVE-2025-3288 CVE-2025-3289

Remediations

Rockwell Automation recommends users upgrade to V16.20.09 or later.
For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
For more information about these issues, please see the Rockwell Automation security advisory SD1726.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Arena <=16.20.08

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more