Vulnerabilities > CVE-2019-13511 - Use After Free vulnerability in Rockwellautomation Arena
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://www.us-cert.gov/ics/advisories/icsa-19-213-05
- https://www.us-cert.gov/ics/advisories/icsa-19-213-05
- https://www.zerodayinitiative.com/advisories/ZDI-20-810/
- https://www.zerodayinitiative.com/advisories/ZDI-20-810/
- https://www.zerodayinitiative.com/advisories/ZDI-20-811/
- https://www.zerodayinitiative.com/advisories/ZDI-20-811/
- https://www.zerodayinitiative.com/advisories/ZDI-20-812/
- https://www.zerodayinitiative.com/advisories/ZDI-20-812/
- https://www.zerodayinitiative.com/advisories/ZDI-20-813/
- https://www.zerodayinitiative.com/advisories/ZDI-20-813/
- https://www.zerodayinitiative.com/advisories/ZDI-20-814/
- https://www.zerodayinitiative.com/advisories/ZDI-20-814/