ICSA-19-213-05 · Published 2019-09-19 · View on CISA ICS-CERT ↗

Rockwell Automation Arena Simulation Software (Update B)

CVSS 8.6 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to cause a current Arena session to fault or enter a denial-of-service (DoS) state, allowing the attacker to run arbitrary code.

CVEs (5)

CVE-2019-13510 CVE-2019-13511 CVE-2019-13519 CVE-2019-13521 CVE-2019-13527

Remediations

Rockwell Automation has released Version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.
Do not open untrusted .doe files with Arena Simulation Software.
Ensure all software is run as a User and not as an Administrator to minimize the impact of malicious code on the infected system.
Use trusted software, software patches, anti-virus/anti-malware programs, and interact only with trusted websites and attachments
For more information please see the Rockwell Automation security advisory (login required).

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Arena Simulation Software for Manufacturing Cat. 9502-Ax <= 16.00.00

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more