Loading

PN1621 | Arena® Simulation – Multiple Vulnerabilities

Severity:
High
Advisory ID:
PN1621
Date de publication:
May 09, 2023
Date de la dernière mise à jour:
September 08, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Non
Corrected:
Non
Workaround:
Non
CVE IDs
CVE-2023-29460,
CVE-2023-29462,
CVE-2023-29461
Résumé
Arena® Simulation – Multiple Vulnerabilities

 

Revision Number
1.1
Revision History
Version 1.0 - May 9, 2023
Version 1.1 - September 8, 2025 - Update for better readability

Affected Products

Affected Product (automated) First Known in Software Version Corrected in Software Version
Arena® Simulation Software V16.00 16.20.01

Security Issue Details

Rockwell Automation used the latest version of the CVSS scoring system to assess the following security issues.

CVE-2023-29460 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to use unauthorized arbitrary code to the software by using a memory buffer overflow.

CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

CVE-2023-29461 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to use unauthorized arbitrary code on the software by using a memory buffer overflow in the heap.
CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

CVE-2023-29462 IMPACT
An arbitrary code execution seurity issue was reported to Rockwell Automation that could allow a threat actor to use unauthorized arbitrary code on the software by using a memory buffer overflow in the heap.

CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.

Risk Mitigation & User Action

Customers using the affected software shoud use the below risk mitigations.
  • Upgrade to 16.20.01 which has been patched to mitigate these issues.
  • For information on how to mitigate Security Risks on industrial automation control systems (IACS) networks see the following publications:
    • System Security Design Guidelines Reference Manual publication, SECURE-RM001
    • Configure System Security Features User Manual, SECURE-UM001
  • Customer should use our QA43240 - Recommended Security Guidelines from Rockwell Automation to minimize risks..

Additional Resources

  • CVE-2023-29460 JSON
  • CVE-2023-29461 JSON
  • CVE-2023-29462 JSON

Glossary

Arbitrary Code Execution: an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Memory Buffer Overflow: occurs when a program writes more data to a buffer than it can hold. This can lead to data corruption, program crashes, or unintended behavior 

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Accueil Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Veuillez mettre à jour vos préférences en matière de cookies pour continuer.
Cette fonctionnalité nécessite des cookies pour améliorer votre expérience. Veuillez mettre à jour vos préférences pour autoriser ces cookies:
  • Cookies de réseaux sociaux
  • Cookies fonctionnels
  • Cookies de performances
  • Cookies marketing
  • Tous les cookies
Vous pouvez mettre à jour vos préférences à tout moment. Pour plus d'informations, veuillez consulter notre {0} politique de confidentialité
CloseClose