CVE-2018-8843
Published: 2018-05-14
CVE-2018-8843: Rockwell Automation Arena versions 15.10.00 and prior contain a use after free vulnerability caused by processing specially crafted Arena Simulation Software…
Priority: P4 · 22 · medium · 5.5 · CVSS 3.0
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 2.05% (78.8th percentile)
Rockwell Automation Arena versions 15.10.00 and prior contain a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | rockwell_automation_arena | — | — |
| rockwellautomation | arena | <= 15.10.00 | — |
CVSS provenance
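| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |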
GHSA
GHSA-r72j-mf7h-2cgh: Rockwell Automation Arena versions 15
ghsa_unreviewed·2022-05-13
CVE-2018-8843 [MEDIUM] CWE-416 GHSA-r72j-mf7h-2cgh: Rockwell Automation Arena versions 15
Rockwell Automation Arena versions 15.10.00 and prior contain a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data.
CISA ICS
Rockwell Automation Arena
cisa_ics·2018-05-10·CVSS 5.5
[MEDIUM] Rockwell Automation Arena
ICS Advisory
## Rockwell Automation Arena
Last Revised: May 10, 2018
Alert Code: ICSA-18-130-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.5
- Vendor: Rockwell Automation
- Equipment: Arena
- Vulnerability: Use After Free
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could cause the software application to crash.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Arena, simulation software for manufacturing, are affected:
- Arena versions 15.10.00 and prior.
## 3.2 VULNERABILITY OVERVIEW
## 3.2.1 USE AFTER FREE CWE-416
A use after free vulnerabilit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-05-14