Vulnerabilities > CVE-2019-13511 - Use After Free vulnerability in Rockwellautomation Arena Simulation Software 16.00.00

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

rockwellautomation

CWE-416

NVD

Published: 2019-08-15

Updated: 2021-10-28

Summary

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena Simulation Software - Rockwellautomation Arena Simulation Software 16.00.00	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.us-cert.gov/ics/advisories/icsa-19-213-05
https://www.zerodayinitiative.com/advisories/ZDI-20-814/
https://www.zerodayinitiative.com/advisories/ZDI-20-812/
https://www.zerodayinitiative.com/advisories/ZDI-20-813/
https://www.zerodayinitiative.com/advisories/ZDI-20-810/
https://www.zerodayinitiative.com/advisories/ZDI-20-811/