CVE-2019-13527
Published 2019-09-24
Priority P3 · 40 · high · 7.8 CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS 5.29% · 91.5th percentile
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rockwellautomation | arena | <= 16.00.00 | — |
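CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |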
CISA ICS
Rockwell Automation Arena Simulation Software (Update B)
cisa_ics·2019-09-05·CVSS 7.8
[HIGH] Rockwell Automation Arena Simulation Software (Update B)
ICS Advisory
## Rockwell Automation Arena Simulation Software (Update B)
Last Revised: September 20, 2019
Alert Code: ICSA-19-213-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.6
- ATTENTION: Low skill level to exploit
- Vendor: Rockwell Automation
- Equipment: Arena Simulation Software
--------- Begin Update B Part 1 of 2 ---------
- Vulnerabilities: Use After Free, Information Exposure, Type Confusion, Insufficient UI Warning of Dangerous Operations, Access of Uninitialized Pointer
--------- End Update B Part 1 of 2 ---------
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the ad
GHSA
GHSA-9mrg-xwfh-j524: In Rockwell Automation Arena Simulation Software Cat
ghsa_unreviewed·2022-05-24
CVE-2019-13527 [HIGH] CWE-824 GHSA-9mrg-xwfh-j524: In Rockwell Automation Arena Simulation Software Cat
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-09-24