Vulnerabilities > CVE-2019-13511 - Use After Free vulnerability in Rockwellautomation Arena Simulation Software 16.00.00

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

local

low complexity

rockwellautomation

CWE-416

NVD

Published: 2019-08-15

Updated: 2021-10-28

Summary

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena Simulation Software - Rockwellautomation Arena Simulation Software 16.00.00	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.us-cert.gov/ics/advisories/icsa-19-213-05
https://www.zerodayinitiative.com/advisories/ZDI-20-814/
https://www.zerodayinitiative.com/advisories/ZDI-20-812/
https://www.zerodayinitiative.com/advisories/ZDI-20-813/
https://www.zerodayinitiative.com/advisories/ZDI-20-810/
https://www.zerodayinitiative.com/advisories/ZDI-20-811/