CVE-2019-13510 - Vulnerability Details

Vendors	Products
Rockwellautomation	Arena

Link	Providers
https://www.us-cert.gov/ics/advisories/icsa-19-213-05
https://www.zerodayinitiative.com/advisories/ZDI-19-1000/
https://www.zerodayinitiative.com/advisories/ZDI-19-800/
https://www.zerodayinitiative.com/advisories/ZDI-19-801/
https://www.zerodayinitiative.com/advisories/ZDI-19-994/
https://www.zerodayinitiative.com/advisories/ZDI-19-998/
https://www.zerodayinitiative.com/advisories/ZDI-19-999/
https://www.zerodayinitiative.com/advisories/ZDI-20-926/
https://www.zerodayinitiative.com/advisories/ZDI-20-927/
https://www.zerodayinitiative.com/advisories/ZDI-20-928/
https://www.zerodayinitiative.com/advisories/ZDI-20-929/
https://www.zerodayinitiative.com/advisories/ZDI-20-930/
https://www.zerodayinitiative.com/advisories/ZDI-20-931/

Type	Values Removed	Values Added
First Time appeared		Rockwellautomation arena
CPEs	cpe:2.3:a:rockwellautomation:arena_simulation_software::::::::	cpe:2.3:a:rockwellautomation:arena::::::::
Vendors & Products	Rockwellautomation arena Simulation Software	Rockwellautomation arena

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier", "vendor": "n/a", "versions": [{"status": "affected", "version": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "USE AFTER FREE CWE-416 (CVE-2019-13510)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-04T14:06:08", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13510", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier", "version": {"version_data": [{"version_value": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE AFTER FREE CWE-416 (CVE-2019-13510)"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.494Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13510", "datePublished": "2019-08-15T18:15:24", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.494Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-416 (string)

description : USE AFTER FREE CWE-416 (CVE-2019-13510) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-08-04T14:06:08 (string)

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.us-cert.gov/ics/advisories/icsa-19-213-05 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-800/ (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-801/ (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-994/ (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-999/ (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-998/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-1000/ (string)

}

7 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-927/ (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-931/ (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-926/ (string)

}

10 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-929/ (string)

}

11 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-928/ (string)

}

12 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-930/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : ics-cert@hq.dhs.gov (string)

ID : CVE-2019-13510 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier (string)

version : { »

version_data : [ »

0 : { »

version_value : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : USE AFTER FREE CWE-416 (CVE-2019-13510) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.us-cert.gov/ics/advisories/icsa-19-213-05 (string)

refsource : MISC (string)

url : https://www.us-cert.gov/ics/advisories/icsa-19-213-05 (string)

}

1 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-19-800/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-800/ (string)

}

2 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-19-801/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-801/ (string)

}

3 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-19-994/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-994/ (string)

}

4 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-19-999/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-999/ (string)

}

5 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-19-998/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-998/ (string)

}

6 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-19-1000/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-1000/ (string)

}

7 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-20-927/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-927/ (string)

}

8 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-20-931/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-931/ (string)

}

9 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-20-926/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-926/ (string)

}

10 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-20-929/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-929/ (string)

}

11 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-20-928/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-928/ (string)

}

12 : { »

name : https://www.zerodayinitiative.com/advisories/ZDI-20-930/ (string)

refsource : MISC (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-930/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T23:57:39.494Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.us-cert.gov/ics/advisories/icsa-19-213-05 (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-800/ (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-801/ (string)

}

3 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-994/ (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-999/ (string)

}

5 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-998/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-19-1000/ (string)

}

7 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-927/ (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-931/ (string)

}

9 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-926/ (string)

}

10 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-929/ (string)

}

11 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-928/ (string)

}

12 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-20-930/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

assignerShortName : icscert (string)

cveId : CVE-2019-13510 (string)

datePublished : 2019-08-15T18:15:24 (string)

dateReserved : 2019-07-11T00:00:00 (string)

dateUpdated : 2024-08-04T23:57:39.494Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E10639E-C9C9-44BC-8184-041CE16114F9", "versionEndIncluding": "16.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code."}, {"lang": "es", "value": "Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contiene una vulnerabilidad de USO DE MEMORIA PREVIAMENTE LIBERADA CWE-416. Un archivo Arena dise\u00f1ado maliciosamente abierto por parte de un usuario desprevenido puede resultar en el bloqueo de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2019-13510", "lastModified": "2024-12-17T15:52:51.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-15T19:15:10.873", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1000/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-800/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-801/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-994/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-998/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-999/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-926/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-927/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-928/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-929/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-930/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-931/"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9E10639E-C9C9-44BC-8184-041CE16114F9 (string)

versionEndIncluding : 16.00.00 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. (string)

}

1 : { »

lang : es (string)

value : Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contiene una vulnerabilidad de USO DE MEMORIA PREVIAMENTE LIBERADA CWE-416. Un archivo Arena diseñado maliciosamente abierto por parte de un usuario desprevenido puede resultar en el bloqueo de la aplicación o la ejecución de código arbitrario. (string)

}

]

id : CVE-2019-13510 (string)

lastModified : 2024-12-17T15:52:51.450 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-08-15T19:15:10.873 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Mitigation (string)

1 : Third Party Advisory (string)

2 : US Government Resource (string)

]

url : https://www.us-cert.gov/ics/advisories/icsa-19-213-05 (string)

}

1 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-1000/ (string)

}

2 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-800/ (string)

}

3 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-801/ (string)

}

4 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-994/ (string)

}

5 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-998/ (string)

}

6 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-999/ (string)

}

7 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-926/ (string)

}

8 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-927/ (string)

}

9 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-928/ (string)

}

10 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-929/ (string)

}

11 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-930/ (string)

}

12 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-931/ (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mitigation (string)

1 : Third Party Advisory (string)

2 : US Government Resource (string)

]

url : https://www.us-cert.gov/ics/advisories/icsa-19-213-05 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-1000/ (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-800/ (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-801/ (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-994/ (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-998/ (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-19-999/ (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-926/ (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-927/ (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-928/ (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-929/ (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-930/ (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.zerodayinitiative.com/advisories/ZDI-20-931/ (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-416 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object