CVE-2019-13519

Published: Jan 27, 2020Modified: Dec 17, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.

Affected (1)

Products: Rockwellautomation: Arena

Rockwellautomation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rockwellautomation Arena	Up to 16.00.00

Related CWEs

Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References (4)

https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-802/

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-802/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.