Description
Version 1.0 – May 10, 2018
Rockwell Automation received a report from Ariele Caltabiano at Zero Day Initiative regarding a potential vulnerability in certain versions of Arena® Simulation Software for Manufacturing that, if successfully exploited, can cause a crash of the software application (Denial of Service) and cause a user to potentially lose unsaved data. Arena is a simulation software that helps customers analyze business ideas, rules, and strategies before real-life implementation in their business and control systems.
Customers using affected versions of this software are encouraged to evaluate the mitigations provided below and implement the applicable mitigations to their deployed products. Additional details relating to the discovered vulnerability, including affected products and recommended countermeasures, are provided herein.
AFFECTED PRODUCTS
Arena Simulation Software for Manufacturing, Cat. 9502-Ax, Versions 15.10.00 and earlier
VULNERABILITY DETAILS
If a maliciously crafted Arena file (meaning the content of the file is invalid, unexpected, and/or random) is sent to an unsuspecting victim who is tricked (via social-engineering techniques) into opening the file in Arena, the software application will crash and result in the potential loss of any unsaved data. The victim will need to restart Arena to continue use.
Note: There are also valid reasons why a file may not open in Arena. To learn more about these circumstances, please see Article ID 1073702.
Rockwell Automation evaluated the vulnerability using the Common Vulnerability Scoring System ("CVSS") v3.0. A CVSS v3 base score of 5.5/10 has been assigned. For a better understanding of how this score was generated, refer to the CVSS v3 vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
RISK MITIGATIONS AND RECOMMENDED USER ACTIONS
Customers using the affected versions of Arena are encouraged to install the updated revision of software that addresses the associated risk. Customers who are unable to update are directed to the risk mitigation strategies provided below, and are encouraged, when possible, to combine these with secondary mitigations.
- Customers using Arena v15.00.00 or earlier are encouraged to update Arena to v15.10.01 or later (Download).
- Do not open untrusted .doe files with Arena Simulation Software.
- Run all software as User, not as an Administrator, to minimize the impact of malicious code on the infected system.
- Use trusted software, software patches, anti-virus/anti-malware programs and interact only with trusted websites and attachments.
- Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.
- Refer to 546987 - Rockwell Automation Customer Hardening Guidelines for our latest published guidelines for PC hardening and software security.
- Use of Microsoft AppLocker or a similar application whitelisting tool can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989
- Ensure that the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum amount of rights as needed.
For further information on the Vulnerability Handling Process for Rockwell Automation, please refer to our Product Security Incident Response FAQ document.
Refer to our Industrial Network Architectures Page for comprehensive information about implementing validated architectures designed to complement security solutions.
Refer to the Network Services Overview Page for information on network and security services for Rockwell Automation to enable assessment, design, implementation and management of validated, secure network architectures.
We also recommend concerned customers continue to monitor this advisory by subscribing to updates on the Security Advisory Index for Rockwell Automation, located at: 54102 - Industrial Security Advisory Index.
Rockwell Automation remains committed to making security enhancements to our systems in the future. For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site.
If you have questions regarding this notice, please send an email to our product security inbox at: secure@ra.rockwell.com.
REVISION HISTORY
Date | Version | Details
10-May-2018 | 1.0 | Initial release.