Rockwell Automation Arena Simulation Software (Update A) (ICSA-19-213-05)

September 5, 2019

The NCCIC has updated this advisory with additional details on the nature of the vulnerabilities, the technical details of the affected products, and mitigation measures. Read the advisory at CISA.

August 1, 2019

The NCCIC has published an advisory on use after free and information exposure vulnerabilities in Rockwell Automation Arena Simulation Software. Versions 16.00.00 and earlier are affected. Successful exploitation of these vulnerabilities could allow an attacker to cause a current Arena session to fault or enter a denial-of-service (DoS) state, allowing the attacker to run arbitrary code. Rockwell Automation has released Version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. It also recommends users take a series of steps. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.