Rockwell Automation has a software upgrade to mitigate a use after free vulnerability in its Arena product, according to a report with NCCIC.
Successful exploitation of this vulnerability, discovered by Ariele Caltabiano, working with Trend Micro’s Zero Day Initiative, could cause the software application to crash.
Simulation software for manufacturing, Arena versions 15.10.00 and prior suffer from the issue.
In the issue, a use after free vulnerability caused by processing specially crafted Arena Simulation Software files may cause the software application to crash, potentially losing any unsaved data.
CVE-2018-8843 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.5.
The product sees use mainly in the critical manufacturing sector. It also sees action on a global basis.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. High skill level is needed to exploit.
Rockwell Automation encourages affected users to upgrade to the latest version of Arena software, v15.10.01 or later (login required).