Sunday, April 13, 2025
HomeCVE/vulnerabilityRockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena

Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena

Published on

SIEM as a Service

Follow Us on Google News

Rockwell Automation has issued a critical security advisory addressing multiple remote code execution (RCE) vulnerabilities discovered in its Arena® software.

These vulnerabilities, reported by the Zero Day Initiative (ZDI), expose systems to potential exploitation by adversaries looking to execute arbitrary code.

With the release of updated software versions, Rockwell Automation has taken corrective action and strongly urges users to apply the fixes promptly.

- Advertisement - Google News

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Critical Vulnerabilities Identified

The vulnerabilities affect Arena®, a widely used simulation modeling tool. Four separate security flaws have been identified, each of which could allow a threat actor to gain unauthorized access to systems and execute arbitrary code after user interaction with malicious files.

These vulnerabilities have been classified as high severity, with a CVSS v3.1 score of 7.8 and a CVSS v4.0 score of 8.5. The following outlines the nature of these threats:

CVE-2024-11155

This vulnerability, CVE-2024-11155 stems from a “use after free” issue where the software reuses deallocated resources.

If successfully exploited, an attacker can execute arbitrary code by coercing a user to interact with a maliciously crafted DOE file. The exploit requires user interaction and could significantly impact system confidentiality, integrity, and availability.

CVE-2044-11156

CVE-2024-11156, An “out-of-bounds write” vulnerability allows attackers to write data outside the allocated memory boundary.

This flaw can lead to system instability or arbitrary code execution. Users who inadvertently execute malicious files are at particular risk.

CVE-2024-11158

CVE-2024-11158, Exploitation of this vulnerability is possible due to improper handling of uninitialized variables.

Attackers could use this flaw to manipulate the software, forcing it to access variables that lack proper initialization. A successful attack could allow code execution, compromising system stability and security.

CVE-2024-12130

The final vulnerability, CVE-2024-12130 involves an “out-of-bounds read” flaw, which could allow attackers to access data beyond the allocated memory range.

This can expose sensitive system information or lead to further malicious activities when users interact with compromised DOE files.

Affected Products

The vulnerabilities impact various versions of Arena®. Affected and corrected versions are detailed below:

CVE IDAffected Software VersionsCorrected in Version
CVE-2024-11155All versions 16.20.00 and prior16.20.06 and later
CVE-2044-11156All versions 16.20.03 and prior16.20.06 and later
CVE-2024-11158All versions 16.20.00 and prior16.20.06 and later
CVE-2024-12130All versions 16.20.03 and prior16.20.06 and later

Rockwell Automation has resolved these vulnerabilities in the updated Arena® software version 16.20.06 and later.

The updates address the flaws effectively, mitigating the risks posed by potential exploitation. Users operating on versions before 16.20.03 are advised to upgrade immediately to ensure their systems are protected.

No workarounds are available at this time. However, Rockwell Automation recommends that customers implement the provided updates and follow industry-standard best practices for securing industrial automation systems.

These measures include restricting access to critical systems, ensuring user accounts are safeguarded, and minimizing interaction with untrusted files.

Although no known active exploitation of these vulnerabilities has been reported, Rockwell Automation emphasizes the urgency of applying software updates to mitigate any potential risks.

The organization also encourages users to conduct stakeholder-specific vulnerability assessments to prioritize system protection according to their unique operational needs.

By staying proactive and applying these fixes, organizations can safeguard their Arena® systems against malicious actors and ensure uninterrupted operation in critical environments.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...

HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Threat Actors Manipulate Search Results to Lure Users to Malicious Websites

Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate...

Hackers Imitate Google Chrome Install Page on Google Play to Distribute Android Malware

Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as...

Dangling DNS Attack Allows Hackers to Take Over Organization’s Subdomain

Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains,...