PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-12130 Rockwell Automation CVE debrief

CVE-2024-12130 is a high-severity out-of-bounds read vulnerability in Rockwell Automation Arena simulation software, published by CISA on December 10, 2024, with an advisory update (Update B) issued February 3, 2026. The flaw exists in Arena versions 16.20.05 and earlier, where a crafted DOE (Design of Experiments) file can force the application to read beyond allocated memory boundaries. Successful exploitation enables arbitrary code execution in the context of the legitimate user who opens the malicious file. The attack requires local access and user interaction, with a CVSS 3.1 score of 7.8 (HIGH). Rockwell Automation has released version 16.20.09 to address this vulnerability.

Vendor
Rockwell Automation
Product
Arena
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2024-12-10
Original CVE updated
2026-02-03
Advisory published
2024-12-10
Advisory updated
2026-02-03

Who should care

Engineering teams using Rockwell Automation Arena for discrete event simulation in manufacturing, logistics, and industrial process design; OT security practitioners responsible for protecting engineering workstations; asset owners in critical infrastructure sectors where Arena is deployed for process optimization and simulation activities.

Technical summary

The vulnerability stems from improper bounds checking when parsing DOE files in Rockwell Automation Arena simulation software. A threat actor can craft a malicious DOE file that, when opened by a legitimate user, triggers an out-of-bounds memory read. This memory safety violation can be leveraged to achieve arbitrary code execution. The attack vector is local, requiring user interaction to open the malicious file. The vulnerability is classified under CWE-125 (Out-of-bounds Read).

Defensive priority

HIGH

Recommended defensive actions

  • Upgrade Rockwell Automation Arena to version 16.20.09 or later to remediate this vulnerability
  • Do not open untrusted Arena model files or DOE files from unverified sources
  • As a temporary mitigation, hold the Control key while loading files to prevent the VBA file stream from loading
  • Implement Rockwell Automation's security best practices for industrial control systems
  • Apply network segmentation and least-privilege principles to limit exposure of engineering workstations
  • Consider using CISA's Stakeholder-Specific Vulnerability Categorization (SSVC) for environment-specific prioritization

Evidence notes

CVE published 2024-12-10; advisory modified 2026-02-03 (Update B). CWE-125 (Out-of-bounds Read). Affected product: Rockwell Automation Arena ≤16.20.05. Fix version: 16.20.09 or later.

Official resources
