Loading

PN1621 | Arena® Simulation – Multiple Vulnerabilities

Severity:
High
Advisory ID:
PN1621
Published Date:
May 09, 2023
Last Updated:
September 08, 2025
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
Não
Corrected:
Não
Workaround:
Não
CVE IDs
CVE-2023-29460,
CVE-2023-29462,
CVE-2023-29461
Summary
Arena® Simulation – Multiple Vulnerabilities

 

Revision Number
1.1
Revision History
Version 1.0 - May 9, 2023
Version 1.1 - September 8, 2025 - Update for better readability

Affected Products

Affected Product (automated) First Known in Software Version Corrected in Software Version
Arena® Simulation Software V16.00 16.20.01

Security Issue Details

Rockwell Automation used the latest version of the CVSS scoring system to assess the following security issues.

CVE-2023-29460 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to use unauthorized arbitrary code to the software by using a memory buffer overflow.

CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

CVE-2023-29461 IMPACT
An arbitrary code execution security issue was reported to Rockwell Automation that could allow a threat actor to use unauthorized arbitrary code on the software by using a memory buffer overflow in the heap.
CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

CVE-2023-29462 IMPACT
An arbitrary code execution seurity issue was reported to Rockwell Automation that could allow a threat actor to use unauthorized arbitrary code on the software by using a memory buffer overflow in the heap.

CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119 Incorrect Restriction of Operations in the Memory Buffer


Known Exploited Vulnerability (KEV) database: No

Customers can use Stakeholder-Specific Vulnerability Categorization to create more environment-specific categories.

Risk Mitigation & User Action

Customers using the affected software shoud use the below risk mitigations.
  • Upgrade to 16.20.01 which has been patched to mitigate these issues.
  • For information on how to mitigate Security Risks on industrial automation control systems (IACS) networks see the following publications:
    • System Security Design Guidelines Reference Manual publication, SECURE-RM001
    • Configure System Security Features User Manual, SECURE-UM001
  • Customer should use our QA43240 - Recommended Security Guidelines from Rockwell Automation to minimize risks..

Additional Resources

  • CVE-2023-29460 JSON
  • CVE-2023-29461 JSON
  • CVE-2023-29462 JSON

Glossary

Arbitrary Code Execution: an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process

Known Exploited Vulnerability (KEV) database: an official list of security flaws that attackers have actively exploited

Memory Buffer Overflow: occurs when a program writes more data to a buffer than it can hold. This can lead to data corruption, program crashes, or unintended behavior 

 

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Página inicial da Rockwell Automation Chevron RightChevron Right
  2. Chevron LeftChevron Left Trust Center Chevron RightChevron Right
  3. Chevron LeftChevron Left Industrial Security Adv Chevron RightChevron Right
  4. Chevron LeftChevron Left Industrial Security Advisory Detail Chevron RightChevron Right
Atualize suas preferências de cookies para continuar.
Este recurso requer cookies para melhorar sua experiência. Atualize suas preferências para permitir esses cookies:
  • Cookies de Redes Sociais
  • Cookies Funcionais
  • Cookies de Desempenho
  • Cookies de Marketing
  • Todos os Cookies
Você pode atualizar suas preferências a qualquer momento. Para mais informações, consulte nosso {0} Política de Privacidade
CloseClose