Rockwell Automation has released updates for its Arena and FactoryTalk Activation Manager products to address various types of vulnerabilities, including a critical flaw that can allow remote code execution.
Both ICS-CERT and Rockwell Automation have released advisories describing the security holes and mitigations, but the vendor’s advisories are only available to registered users.
FactoryTalk Activation Manager, a tool designed for managing licensed content and activating Rockwell software products, uses the Wibu-Systems CodeMeter and FlexNet Publisher license management applications.
Wibu-Systems CodeMeter is affected by a cross-site scripting (XSS) vulnerability that can be exploited to inject arbitrary code via a field in a configuration file, allowing attackers to access sensitive information or alter the impacted HTML page. The issue is tracked as CVE-2017-13754 and is considered low severity.
FlexNet Publisher, on the other hand, is affected by a critical buffer overflow (CVE-2015-8277) that can allow a remote attacker to execute arbitrary code.
“A custom string copying function of Imgrd.exe (the license server manager in FlexNet Publisher) and flexsvr.exe does not use proper bounds checking on incoming data, potentially allowing a remote, unauthenticated user to send crafted messages with the intent of causing a buffer overflow,” Rockwell said in its advisory.
The vulnerabilities impact FactoryTalk Activation Manager 4.00.02 and 4.01, which include Wibu-Systems CodeMeter v6.50b and earlier, and FactoryTalk Activation Manager v4.00.02 and earlier, which include FlexNet Publisher v11.11.1.1 and earlier.
FactoryTalk Automation Manager is used by more than two dozen Rockwell products – users can consult a list provided by the vendor and ICS-CERT to see if they are affected. Updating Automation Manager to version 4.02 patches the vulnerabilities. Alternatively, CodeMeter can be updated to a compatible version.
Learn More at SecurityWeek’s 2018 ICS Cyber Security Conference
Separate advisories published recently by Rockwell and ICS-CERT describe a medium severity denial-of-service (DoS) vulnerability affecting Arena, a simulation software for the manufacturing sector. Arena is designed to help organizations identify process bottlenecks, evaluate process changes, improve logistics, and increase throughput.
Researcher Ariele Caltabiano informed Rockwell through Trend Micro’s Zero Day Initiative (ZDI) that Arena is affected by a use-after-free vulnerability that can be exploited to crash the software by convincing the targeted user to open a specially crafted file. Crashing the application could lead to the user losing unsaved data.
Rockwell says the flaw, tracked as CVE-2018-8843, affects Arena Simulation Software for Manufacturing versions 15.10.00 and earlier, and it has been patched with the release of version 15.10.01.
Related: Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws
Related: Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
- Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
Latest News
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
