ICSA-24-345-06 · Published 2026-02-03
Rockwell Automation Arena (Update B)
CVSS 7.8 HIGH
Risk Summary
Successful exploitation of these vulnerabilities could result in execution of arbitrary code.
CVEs (10)
Remediations
- Rockwell Automation recommends users upgrade to V16.20.09 or later.
- Rockwell Automation encourages users of the affected software to apply the following risk mitigations, if possible:
  - Do not load untrusted Arena model files.
  - Hold the control key down when loading files to help prevent the VBA file stream from loading.
- For information on how to mitigate security risks on industrial automation control systems, Rockwell Automation encourages users to implement their suggested security best practices (login required) to minimize the risk of the vulnerability.
- Stakeholder-Specific Vulnerability Categorization can be used to generate more environment-specific prioritization.
- For more information about these issues, please see the Rockwell Automation security advisory.
Affected Vendors
Rockwell Automation
Affected Products (7)
- Rockwell Automation · Arena <=16.20.00
- Rockwell Automation · Arena <=16.20.03
- Rockwell Automation · Arena <=16.20.05
- Rockwell Automation · Arena <=16.20.06
- Rockwell Automation · Arena <=16.20.08
- Rockwell Automation · Arena 32 bit <=16.20.07
- Rockwell Automation · Arena 32 bit <=16.20.06
Affected Sectors
Critical Manufacturing