OTPulse

Rockwell Automation Arena Simulation

Plan Patch
CVSS: 7.8
Source: ICS-CERT ICSA-24-086-03
Published: Mar 26, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Arena Simulation Software version 16.00 contains multiple memory safety vulnerabilities (CWE-787 buffer overflow, CWE-416 use-after-free, CWE-122/119 buffer underflow/overrun) that allow arbitrary code execution or denial of service when a user opens a specially crafted simulation or project file. The vulnerabilities are not remotely exploitable and require user interaction to open an untrusted file.

What this means
What could happen
An attacker could crash Arena Simulation Software or execute arbitrary code on the system if they trick a user into opening a malicious file, potentially disrupting process modeling and simulation activities used for plant engineering and training.
Who's at risk
Engineering teams and process engineers who use Arena Simulation Software to model and optimize manufacturing processes, production lines, and logistics systems. Anyone running version 16.00 on engineering or planning workstations should prioritize patching. This affects organizations in manufacturing, automotive, pharmaceuticals, and other process industries that rely on Arena for discrete-event simulation.
How it could be exploited
An attacker crafts a malicious file (likely a project or simulation file) and tricks a user into opening it in Arena Simulation Software. The software fails to properly validate the file contents, allowing buffer overflow or use-after-free conditions to execute arbitrary code with the privileges of the user running the application.
Prerequisites
  • User must open a malicious Arena Simulation file from an untrusted source
  • Arena Simulation Software must be installed on a workstation
  • User interaction required to open the file
Risk factors
  • Local attack vector only
  • User interaction required
  • Low complexity exploitation
  • Multiple memory safety vulnerabilities (buffer overflow, use-after-free)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
Arena Simulation Software: 16.00 | 16.00 | 16.20.03
Remediation & Mitigation
Do now
WORKAROUND: Do not open untrusted Arena Simulation files or project files from unknown sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Arena Simulation Software to version 16.20.03 or later
Long-term hardening
HARDENING: Implement user security awareness training on opening files from untrusted sources
Rockwell Automation Arena Simulation | CVSS 7.8 - OTPulse