Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena

Rockwell Automation has issued a critical security advisory addressing multiple remote code execution (RCE) vulnerabilities discovered in its Arena® software.

These vulnerabilities, reported by the Zero Day Initiative (ZDI), expose systems to potential exploitation by adversaries looking to execute arbitrary code.

With the release of updated software versions, Rockwell Automation has taken corrective action and strongly urges users to apply the fixes promptly.

Free Webinar on Best Practices for API vulnerability & Penetration Testing:  Free Registration

Critical Vulnerabilities Identified

The vulnerabilities affect Arena®, a widely used simulation modeling tool. Four separate security flaws have been identified, each of which could allow a threat actor to gain unauthorized access to systems and execute arbitrary code after user interaction with malicious files.

These vulnerabilities have been classified as high severity, with a CVSS v3.1 score of 7.8 and a CVSS v4.0 score of 8.5. The following outlines the nature of these threats:

CVE-2024-11155

This vulnerability, CVE-2024-11155 stems from a “use after free” issue where the software reuses deallocated resources.

If successfully exploited, an attacker can execute arbitrary code by coercing a user to interact with a maliciously crafted DOE file. The exploit requires user interaction and could significantly impact system confidentiality, integrity, and availability.

CVE-2044-11156

CVE-2024-11156, An “out-of-bounds write” vulnerability allows attackers to write data outside the allocated memory boundary.

This flaw can lead to system instability or arbitrary code execution. Users who inadvertently execute malicious files are at particular risk.

CVE-2024-11158

CVE-2024-11158, Exploitation of this vulnerability is possible due to improper handling of uninitialized variables.

Attackers could use this flaw to manipulate the software, forcing it to access variables that lack proper initialization. A successful attack could allow code execution, compromising system stability and security.

CVE-2024-12130

The final vulnerability, CVE-2024-12130 involves an “out-of-bounds read” flaw, which could allow attackers to access data beyond the allocated memory range.

This can expose sensitive system information or lead to further malicious activities when users interact with compromised DOE files.

Affected Products

The vulnerabilities impact various versions of Arena®. Affected and corrected versions are detailed below:

CVE ID	Affected Software Versions	Corrected in Version
CVE-2024-11155	All versions 16.20.00 and prior	16.20.06 and later
CVE-2044-11156	All versions 16.20.03 and prior	16.20.06 and later
CVE-2024-11158	All versions 16.20.00 and prior	16.20.06 and later
CVE-2024-12130	All versions 16.20.03 and prior	16.20.06 and later

Rockwell Automation has resolved these vulnerabilities in the updated Arena® software version 16.20.06 and later.

The updates address the flaws effectively, mitigating the risks posed by potential exploitation. Users operating on versions before 16.20.03 are advised to upgrade immediately to ensure their systems are protected.

No workarounds are available at this time. However, Rockwell Automation recommends that customers implement the provided updates and follow industry-standard best practices for securing industrial automation systems.

These measures include restricting access to critical systems, ensuring user accounts are safeguarded, and minimizing interaction with untrusted files.

Although no known active exploitation of these vulnerabilities has been reported, Rockwell Automation emphasizes the urgency of applying software updates to mitigate any potential risks.

The organization also encourages users to conduct stakeholder-specific vulnerability assessments to prioritize system protection according to their unique operational needs.

By staying proactive and applying these fixes, organizations can safeguard their Arena® systems against malicious actors and ensure uninterrupted operation in critical environments.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses