
PN1621 | Arena® Simulation – Multiple Vulnerabilities

Severity:
High
Advisory ID:
PN1621
Published:
May 09, 2023
Last Updated:
September 08, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
No
Corrected:
No
Workaround:
No
CVE IDs
CVE-2023-29460,
CVE-2023-29462,
CVE-2023-29461
Summary
Arena® Simulation – Multiple Vulnerabilities

 

Revision Number
1.1
Revision History
Version 1.0 - May 9, 2023
Version 1.1 - September 8, 2025 - Update for better readability

Affected Products

Affected Product             First Known in Software Version   Corrected in Software Version
Arena® Simulation Software   V16.00                            16.20.01

Security Issue Details

Rockwell Automation used the latest version of the CVSS scoring system to assess the following security issues.

CVE-2023-29460 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to execute unauthorized arbitrary code on the software by triggering a memory buffer overflow.

CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

CVE-2023-29461 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to execute unauthorized arbitrary code on the software by triggering a memory buffer overflow in the heap.
CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

CVE-2023-29462 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to execute unauthorized arbitrary code on the software by triggering a memory buffer overflow in the heap.

CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No
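All three issues carry the same CVSS 3.1 vector and the same base score of 7.8. The C program below is an illustration added to this page, not part of the advisory and not Rockwell Automation tooling: it implements the CVSS v3.1 base-score equations (impact sub-score, exploitability sub-score and the specification's Roundup function) and reproduces 7.8 from the vector string given above. Function and variable names are the example's own; temporal and environmental metrics are deliberately out of scope.

```c
#include <stdio.h>
#include <string.h>

/* CVSS v3.1 Roundup(): round up to one decimal place using the integer
   procedure from the specification, so 7.70769... becomes 7.8. Valid for
   the non-negative inputs the score equations produce. */
static double cvss_roundup(double d) {
    long i = (long)(d * 100000.0 + 0.5);          /* Round(d * 100000) */
    if (i % 10000 == 0) return i / 100000.0;
    return (double)(i / 10000 + 1) / 10.0;        /* integer division floors here */
}

/* (x)^15 without linking libm. */
static double pow15(double x) {
    double r = 1.0;
    for (int k = 0; k < 15; k++) r *= x;
    return r;
}

static double cia_weight(char v) {
    switch (v) { case 'H': return 0.56; case 'L': return 0.22; case 'N': return 0.0; default: return -1.0; }
}

/* Parse a "CVSS:3.1/AV:_/AC:_/PR:_/UI:_/S:_/C:_/I:_/A:_" string and return
   the base score, or -1.0 if the vector is malformed or incomplete. */
double cvss31_base_score(const char *vector) {
    char buf[128];
    if (strlen(vector) >= sizeof buf || strncmp(vector, "CVSS:3.1/", 9) != 0) return -1.0;
    strcpy(buf, vector);

    double av = -1, ac = -1, pr = -1, ui = -1, wc = -1, wi = -1, wa = -1;
    int scope_changed = -1;
    char pr_v = 0;

    for (char *tok = strtok(buf + 9, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon || colon[1] == '\0' || colon[2] != '\0') return -1.0;  /* one-letter values only */
        char v = colon[1];
        *colon = '\0';
        if (!strcmp(tok, "AV"))      av = v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : v == 'P' ? 0.2 : -1;
        else if (!strcmp(tok, "AC")) ac = v == 'L' ? 0.77 : v == 'H' ? 0.44 : -1;
        else if (!strcmp(tok, "PR")) pr_v = v;                     /* weight depends on scope, resolved below */
        else if (!strcmp(tok, "UI")) ui = v == 'N' ? 0.85 : v == 'R' ? 0.62 : -1;
        else if (!strcmp(tok, "S"))  scope_changed = v == 'C' ? 1 : v == 'U' ? 0 : -1;
        else if (!strcmp(tok, "C"))  wc = cia_weight(v);
        else if (!strcmp(tok, "I"))  wi = cia_weight(v);
        else if (!strcmp(tok, "A"))  wa = cia_weight(v);
        else return -1.0;                                          /* temporal/environmental not handled */
    }
    if (scope_changed < 0) return -1.0;
    if (pr_v == 'N')      pr = 0.85;
    else if (pr_v == 'L') pr = scope_changed ? 0.68 : 0.62;
    else if (pr_v == 'H') pr = scope_changed ? 0.50 : 0.27;
    if (av < 0 || ac < 0 || pr < 0 || ui < 0 || wc < 0 || wi < 0 || wa < 0) return -1.0;

    /* Impact Sub-Score, Impact and Exploitability as defined in CVSS v3.1 section 7.1 */
    double iss = 1.0 - (1.0 - wc) * (1.0 - wi) * (1.0 - wa);
    double impact = scope_changed ? 7.52 * (iss - 0.029) - 3.25 * pow15(iss - 0.02)
                                  : 6.42 * iss;
    double exploitability = 8.22 * av * ac * pr * ui;
    if (impact <= 0.0) return 0.0;
    double raw = scope_changed ? 1.08 * (impact + exploitability) : impact + exploitability;
    return cvss_roundup(raw < 10.0 ? raw : 10.0);
}

int main(void) {
    const char *v = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H";   /* the advisory's vector */
    printf("%s -> base score %.1f\n", v, cvss31_base_score(v));
    return 0;
}
```

For the advisory's vector the exploitability sub-score is 8.22 × 0.55 × 0.77 × 0.85 × 0.62 ≈ 1.83 and the impact sub-score is 6.42 × (1 − 0.44³) ≈ 5.87; their sum, 7.71, rounds up to 7.8. The local attack vector (AV:L) and required user interaction (UI:R) are what keep the score below the 9.8 that the same impact would reach over the network with no interaction.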

Customers can use Stakeholder-Specific Vulnerability Categorization (SSVC) to derive more environment-specific prioritization categories.

Risk Mitigation & User Action

Customers using the affected software should apply the risk mitigations below.
  • Upgrade to 16.20.01 which has been patched to mitigate these issues.
  • For information on how to mitigate Security Risks on industrial automation control systems (IACS) networks see the following publications:
    • System Security Design Guidelines Reference Manual publication, SECURE-RM001
    • Configure System Security Features User Manual, SECURE-UM001
  • Customers should use our QA43240 - Recommended Security Guidelines from Rockwell Automation to minimize risks.

Additional Resources

  • CVE-2023-29460 JSON
  • CVE-2023-29461 JSON
  • CVE-2023-29462 JSON

Glossary

Arbitrary Code Execution: an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Memory Buffer Overflow: occurs when a program writes more data to a buffer than it can hold. This can lead to data corruption, program crashes, or unintended behavior 
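To make the glossary definition concrete, the following is a constructed C example added to this page; it is not Arena's code and does not reflect the file format the advisory concerns (whose details the advisory does not give). A record carries a two-byte declared length followed by that many payload bytes, which are copied into a fixed-size heap buffer. The first function copies as many bytes as the record declares, which is the CWE-119 pattern behind the issues above; the second bounds the copy by the destination size and by the bytes actually present, and reports a malformed record instead of writing past the allocation. The record layout, FIELD_MAX and the error codes are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout (constructed for this example):
   bytes 0-1: little-endian declared payload length, bytes 2..: payload. */
#define FIELD_MAX 64   /* assumed capacity of the heap buffer a field is copied into */

/* CWE-119 pattern: the declared length drives the copy, the destination
   size never enters the decision. A record declaring more than FIELD_MAX
   bytes writes past the end of the heap allocation (and reads past the
   end of the input as well). Shown for contrast; do not use. */
char *copy_field_unchecked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < 2) return NULL;
    uint16_t declared = (uint16_t)(rec[0] | (rec[1] << 8));
    char *buf = malloc(FIELD_MAX);
    if (!buf) return NULL;
    memcpy(buf, rec + 2, declared);   /* no comparison against FIELD_MAX or rec_len */
    return buf;
}

/* Hardened form: the copy is bounded by the destination capacity and by
   the bytes actually present. Returns NULL and sets *err for a malformed
   record: 1 = header truncated, 2 = declared length exceeds capacity,
   3 = payload shorter than declared, 4 = allocation failed. */
char *copy_field_checked(const uint8_t *rec, size_t rec_len, int *err) {
    *err = 0;
    if (rec_len < 2) { *err = 1; return NULL; }
    uint16_t declared = (uint16_t)(rec[0] | (rec[1] << 8));
    if (declared > FIELD_MAX - 1) { *err = 2; return NULL; }        /* keep room for the NUL terminator */
    if ((size_t)declared > rec_len - 2) { *err = 3; return NULL; }  /* input shorter than it claims */
    char *buf = calloc(1, FIELD_MAX);                               /* zeroed, so the field is NUL-terminated */
    if (!buf) { *err = 4; return NULL; }
    memcpy(buf, rec + 2, declared);
    return buf;
}

int main(void) {
    const uint8_t good[]  = {5, 0, 'h', 'e', 'l', 'l', 'o'};   /* declares 5 bytes, carries 5 */
    const uint8_t bogus[] = {0xFF, 0x00, 'x'};                 /* declares 255 bytes, carries 1 */
    int err;
    char *f = copy_field_checked(good, sizeof good, &err);
    printf("good record  -> \"%s\" (err %d)\n", f ? f : "(null)", err);
    free(f);
    f = copy_field_checked(bogus, sizeof bogus, &err);
    printf("bogus record -> %s (err %d)\n", f ? f : "rejected", err);
    free(f);
    return 0;
}
```

The two checks in copy_field_checked are independent: the first protects the destination (the heap write the advisory's CWE describes), the second protects the source (an over-read of the input). Compiling such code with AddressSanitizer and feeding it malformed records is the usual way to catch the unchecked form before release.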

 

Copyright ©2022 Rockwell Automation, Inc.