ICSA-23-131-10 · Published 2023-05-12 · View on CISA ICS-CERT ↗

Rockwell Automation Arena Simulation Software

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow a malicious user to commit unauthorized arbitrary code to the software using a memory buffer overflow.

CVEs (3)

CVE-2023-29460 CVE-2023-29461 CVE-2023-29462

Remediations

Rockwell Automation recommends upgrading the affected product software to 16.20.01.
Rockwell Automation encourages users to implement their suggested security best practices to minimize exploitation risk of these vulnerabilities.
For additional information, refer to Rockwell Automation's Security Bulletin.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Arena Simulation Software 16.20.01

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more