CVE-2024-6068 Rockwell Automation CVE debrief

Who should care

Organizations using Rockwell Automation Arena Input Analyzer in industrial control system environments, particularly those processing DFT files from external or untrusted sources. Security teams responsible for OT/ICS asset management and patch management should prioritize this update.

Technical summary

The vulnerability exists in the DFT file parsing functionality of Rockwell Automation Input Analyzer v16.20.00. Memory corruption during parsing can be triggered when a legitimate user opens a crafted malicious DFT file. Successful exploitation enables local threat actors to achieve information disclosure and arbitrary code execution. The attack vector is local, requires low privileges, and depends on user interaction (opening the malicious file). The confidentiality, integrity, and availability impacts are all rated HIGH.

Defensive priority

HIGH

Recommended defensive actions

• Update Arena Input Analyzer to version 16.20.04 or later per vendor guidance.
• Implement security best practices for industrial automation control systems as recommended by Rockwell Automation.
• Review Rockwell Automation's security advisory for additional mitigation information.
• Exercise caution when opening DFT files from untrusted sources.
• Apply defense-in-depth strategies for industrial control systems environments.

Evidence notes

Source: CISA CSAF advisory ICSA-24-319-15. Affected product: Rockwell Automation Arena Input Analyzer <=v16.20.03. Vendor fix available in version 16.20.04 or later.

Official resources