ICSA-24-086-03 · Published 2024-03-26 · View on CISA ICS-CERT ↗

Rockwell Automation Arena Simulation

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could crash the application or allow an attacker to run harmful code on the system.

CVE-2024-21912 CVE-2024-21913 CVE-2024-2929 CVE-2024-21918 CVE-2024-21919 CVE-2024-21920

Rockwell Automation recommends upgrading the affected product software to 16.20.03.
Rockwell Automation encourages users of the affected software to apply the risk mitigations, if possible:
Do not open untrusted files from unknown sources.
For information on how to mitigate security risks on industrial automation control systems, we encourage customers to implement our suggested security best practices to minimize the risk of the vulnerability.Customers can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
For additional information, refer to Rockwell Automation's security advisory.

Rockwell Automation

Rockwell Automation · Arena Simulation Software 16.00

Food and Agriculture, Healthcare and Public Health, Critical Manufacturing, Transportation Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.