Vulnerabilities > CVE-2019-13519 - Type Confusion vulnerability in Rockwellautomation Arena Simulation 16.00.00

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

rockwellautomation

CWE-843

NVD

Published: 2020-01-27

Updated: 2020-02-03

Summary

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.

Vulnerable Configurations

Part	Description	Count
Application	Rockwellautomation Rockwellautomation Arena Simulation - Rockwellautomation Arena Simulation 16.00.00	2

Common Weakness Enumeration (CWE)

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

https://www.us-cert.gov/ics/advisories/icsa-19-213-05
https://www.zerodayinitiative.com/advisories/ZDI-19-802/