
Rockwell Automation Alerts of Multiple Code Execution Vulnerabilities in Arena


Rockwell Automation has recently issued a security advisory that addresses multiple remote code execution (RCE) vulnerabilities found in its widely used Arena® software. These vulnerabilities, identified by the Zero Day Initiative (ZDI), pose a serious risk of exploitation by malicious actors seeking to execute arbitrary code on affected systems.

In response to these vulnerabilities, Rockwell Automation has released updated versions of the software that contain fixes for the identified security flaws. The company is strongly recommending that users apply these updates as soon as possible to mitigate the risks associated with potential exploitation.

The vulnerabilities affecting Arena® are categorized as high severity, with a CVSS v3.1 score of 7.8 and a CVSS v4.0 score of 8.5. There are four distinct security flaws that have been identified, each of which could allow a threat actor to gain unauthorized access to systems and execute arbitrary code after user interaction with malicious files.

The first vulnerability, CVE-2024-11155, is attributed to a “use after free” issue where the software reuses deallocated resources. This flaw could be exploited by coercing a user to interact with a maliciously crafted file, resulting in the execution of arbitrary code that could compromise system confidentiality, integrity, and availability.

The second vulnerability, CVE-2024-11156, involves an “out-of-bounds write” flaw that enables attackers to write data beyond the allocated memory boundary. This vulnerability could lead to system instability or arbitrary code execution, particularly for users who inadvertently execute malicious files.

The third vulnerability, CVE-2024-11158, stems from improper handling of uninitialized variables: an attacker can cause the software to access a variable that has not been properly initialized. This could result in code execution that compromises system stability and security.

The final vulnerability, CVE-2024-12130, relates to an “out-of-bounds read” flaw that permits attackers to access data beyond the allocated memory range. This could expose sensitive system information or facilitate further malicious activities when users interact with compromised files.

Multiple versions of Arena® are affected, and Rockwell Automation's advisory lists the corrected versions that contain the fixes. Users are strongly encouraged to update to version 16.20.06 or later to ensure their systems are protected against potential exploitation.
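One way to act on the update recommendation across a fleet is to triage a software inventory against version 16.20.06. The sketch below is an added example, not code from Rockwell Automation or the original article; the CSV layout, host names and function names are assumptions, and the inventory rows are constructed sample data.

```python
import csv
import io

# Fixed version and CVE identifiers, both taken from the article.
FIXED_VERSION = "16.20.06"
CVES = ["CVE-2024-11155", "CVE-2024-11156", "CVE-2024-11158", "CVE-2024-12130"]

# Constructed sample inventory (hypothetical hosts; the CSV layout is an assumption).
SAMPLE_INVENTORY = """host,product,version
eng-ws-01,Arena,16.20.06
eng-ws-02,Arena,16.20.03
sim-lab-07,Arena,16.10.00
sim-lab-09,Arena,16.20.10
plant-hmi-3,Arena,unknown
office-12,OtherTool,1.0.0
"""

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparsable."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_below(version, minimum):
    """Compare dotted versions numerically, padding the shorter with zeros."""
    width = max(len(version), len(minimum))
    a = version + (0,) * (width - len(version))
    b = minimum + (0,) * (width - len(minimum))
    return a < b

def triage(inventory_csv, product="Arena", fixed=FIXED_VERSION):
    """Return (needs_update, needs_review) host lists for the given product."""
    minimum = parse_version(fixed)
    needs_update, needs_review = [], []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != product.lower():
            continue
        version = parse_version(row["version"])
        if version is None:
            # Unknown version: do not assume the host is patched.
            needs_review.append(row["host"])
        elif is_below(version, minimum):
            needs_update.append((row["host"], row["version"]))
    return needs_update, needs_review

if __name__ == "__main__":
    update, review = triage(SAMPLE_INVENTORY)
    print("update:", update, "| review:", review, "| CVEs:", ", ".join(CVES))
```

Hosts whose version string cannot be parsed are reported separately for manual review instead of being treated as patched.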

While no known active exploitation of these vulnerabilities has been reported, Rockwell Automation emphasizes the importance of applying software updates promptly to mitigate any potential risks. The company also advises users to implement industry-standard best practices for securing industrial automation systems, including restricting access to critical systems, safeguarding user accounts, and minimizing interaction with untrusted files.

By proactively applying these updates and following recommended security measures, organizations can safeguard their Arena® systems against malicious actors and maintain uninterrupted operation in critical environments. Staying vigilant and prioritizing system protection according to unique operational needs will help mitigate the risks posed by these vulnerabilities and enhance overall cybersecurity resilience.
