Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code


Rockwell Automation, a leading provider of industrial automation solutions, has disclosed multiple critical vulnerabilities in its Arena software that could allow attackers to execute remote code.

The company has released security updates to address these high-severity flaws, urging users to upgrade to the latest version immediately.

Four distinct vulnerabilities have been identified in Arena software versions 16.20.03 and prior:

  1. CVE-2024-11155: A “use after free” vulnerability
  2. CVE-2024-11156: An “out of bounds write” vulnerability
  3. CVE-2024-11158: An “uninitialized variable” vulnerability
  4. CVE-2024-12130: An “out of bounds read” vulnerability

All four vulnerabilities have been assigned a CVSS v3.1 base score of 7.8 and a CVSS v4.0 base score of 8.5, indicating their high severity.

Rockwell Automation experts discovered that the vulnerabilities can be exploited by crafting malicious DOE files that manipulate memory allocation and resource usage in the Arena software.

While the attack requires a legitimate user to execute the malicious code, the potential impact is significant.


Technical Analysis

If successfully exploited, these vulnerabilities could allow an attacker to:

  • Execute arbitrary code on the affected system
  • Gain unauthorized access to sensitive information
  • Potentially disrupt industrial operations

Rockwell Automation has released version 16.20.06 of the Arena software, which addresses all four vulnerabilities. Users are strongly advised to upgrade to this version or later to mitigate the risk.
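
To apply the version boundaries above across a fleet, the following added example (not from Rockwell Automation or the original article) classifies installed Arena versions from an inventory export. The CSV layout, the host names and the `verify` bucket for builds between 16.20.03 and 16.20.06 are assumptions made for illustration.

```python
import csv
import io

# Version boundaries as stated in the article.
LAST_AFFECTED = (16, 20, 3)   # "16.20.03 and prior"
FIRST_FIXED = (16, 20, 6)     # "version 16.20.06 ... or later"


def parse_version(text):
    """Parse 'NN.NN.NN' into a tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Map an installed Arena version string to a patch status."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"      # unreadable inventory entry, check by hand
    if version <= LAST_AFFECTED:
        return "vulnerable"
    if version >= FIRST_FIXED:
        return "patched"
    # Builds between the two boundaries are not covered by the article.
    return "verify"


def triage(inventory_csv):
    """Return {host: status} for a CSV with 'host' and 'arena_version' columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["arena_version"]) for row in reader}


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = """host,arena_version
eng-ws-01,16.20.03
eng-ws-02,16.20.06
eng-ws-03,16.10.00
eng-ws-04,16.20.05
eng-ws-05,n/a
eng-ws-06,16.20.6
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `verify` or `unknown` need a manual check against the vendor advisory before they are counted as remediated.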

Additionally, the company recommends implementing security best practices for industrial automation control systems to minimize vulnerability risks. These may include:

  • Restricting network access to critical systems
  • Implementing robust access controls
  • Regularly monitoring systems for suspicious activities
  • Keeping all software and firmware up to date

This disclosure highlights the ongoing cybersecurity challenges faced by the industrial automation sector. As critical infrastructure becomes increasingly connected, the potential impact of such vulnerabilities grows more severe.

Organizations relying on Rockwell Automation’s Arena software should prioritize this update to ensure the security and integrity of their operations.

The vulnerabilities were reported through the Zero Day Initiative (ZDI), underscoring the importance of responsible disclosure and collaboration between security researchers and vendors in identifying and addressing potential threats to industrial systems.
