OTPulse

Rockwell Automation Arena

Monitor | CVSS 5.5 | ICS-CERT ICSA-18-130-02 | May 10, 2018
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Arena versions 15.10.00 and earlier contain a use-after-free memory corruption vulnerability (CWE-416) that can crash the software application. The vulnerability requires local access, user interaction, and high skill level to exploit. No known public exploits exist.

What this means
What could happen
An attacker with local access to a machine running Arena could crash the software, disrupting engineering work and potentially delaying control system modifications or testing. Recovery requires restarting the application.
Who's at risk
Engineering teams and control system developers using Rockwell Automation Arena for ladder logic and control program development. Any organization running Arena on engineering workstations is affected if systems are not patched to version 15.10.01 or later.
How it could be exploited
An attacker would need to be present locally on the machine running Arena, craft a malicious input or file, and have a user open or interact with it through the Arena interface. The complexity is high and requires understanding of the memory corruption trigger.
Prerequisites
  • Local access to the machine running Arena
  • User interaction with Arena to trigger the vulnerability (e.g., opening a malicious file)
  • Arena version 15.10.00 or earlier
Low complexity · Local access only, not remotely exploitable · User interaction required · No active exploitation observed
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Arena | ≤ 15.10.00 | 15.10.01
Remediation & Mitigation
Do now
HARDENING: Restrict local physical and logical access to machines running Arena to authorized engineering personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Arena software to version 15.10.01 or later from the Rockwell Automation support portal
Long-term hardening
HARDENING: Implement file integrity monitoring and access controls on shared drives or file servers where Arena files are stored to prevent malicious file uploads
HARDENING: Train users not to open files from untrusted sources and not to install unknown applications on engineering workstations