ICSA-23-299-04 · Published 2023-10-26 · View on CISA ICS-CERT ↗

Rockwell Automation Arena

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code by using a memory buffer overflow or using an uninitialized pointer in the application.

CVEs (2)

CVE-2023-27854 CVE-2023-27858

Remediations

Rockwell Automation recommends upgrading the affected product software to 16.20.01.
Rockwell Automation encourages users to implement their suggested security best practices to minimize exploitation risk of these vulnerabilities.
For additional information, refer to Rockwell Automation's Security Bulletin.

Affected Vendors

Rockwell Automation

Affected Products (1)

Rockwell Automation · Arena 16.20.00001

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more