CYB3R53C


There are ten vulnerabilities in Rockwell Automation products that need to be addressed

Rockwell Automation addressed ten vulnerabilities in its FactoryTalk, PowerFlex, and Arena Simulation products in the past week.

The US cybersecurity agency CISA is also informing organizations about the vulnerabilities found in the industrial automation giant's products.

One of the advisories describes six flaws that have been patched in the Arena Simulation software. Five are high-severity arbitrary code execution vulnerabilities, while one is a medium-severity information disclosure and denial-of-service (DoS) vulnerability. Exploitation requires convincing the targeted user to open a malicious file. The vulnerabilities were reported by Rockwell Automation researcher Michael Heinzl. Vendors often credit him for reporting potentially serious vulnerabilities that require the opening of specially crafted files. On Tuesday, Heinzl published his own advisories on his personal website regarding the Arena Simulation software vulnerabilities. The vendor was notified through CISA in late November 2023 of the findings, which involve specially crafted DOE files.

A Rockwell Automation advisory published in recent days describes two PowerFlex product vulnerabilities that can be exploited for DoS attacks.

Rockwell discovered a medium-severity security issue in FactoryTalk View ME during internal testing. The vulnerability has been patched with software updates.
