CVE-2019-13510: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
First published: Thu Aug 15 2019(Updated: )
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwellautomation Arena Simulation Software | <=16.00.00 | |
| Rockwell Automation Arena Simulation |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.us-cert.gov/ics/advisories/icsa-19-213-05
- https://www.zerodayinitiative.com/advisories/ZDI-19-800/
- https://www.zerodayinitiative.com/advisories/ZDI-19-1000/
- https://www.zerodayinitiative.com/advisories/ZDI-19-801/
- https://www.zerodayinitiative.com/advisories/ZDI-19-994/
- https://www.zerodayinitiative.com/advisories/ZDI-19-998/
- https://www.zerodayinitiative.com/advisories/ZDI-19-999/
- https://www.zerodayinitiative.com/advisories/ZDI-20-926/
- https://www.zerodayinitiative.com/advisories/ZDI-20-927/
- https://www.zerodayinitiative.com/advisories/ZDI-20-928/
- https://www.zerodayinitiative.com/advisories/ZDI-20-929/
- https://www.zerodayinitiative.com/advisories/ZDI-20-930/
- https://www.zerodayinitiative.com/advisories/ZDI-20-931/
Frequently Asked Questions
What is CVE-2019-13510?
CVE-2019-13510 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation.
How can the CVE-2019-13510 vulnerability be exploited?
To exploit this vulnerability, user interaction is required, such as visiting a malicious page or opening a malicious file.
What is the affected software by CVE-2019-13510?
The affected software of CVE-2019-13510 is Rockwell Automation Arena Simulation.
What is the severity of CVE-2019-13510?
CVE-2019-13510 has a severity rating of 7.8 (High).
How can I mitigate the CVE-2019-13510 vulnerability?
To mitigate this vulnerability, it is recommended to ensure that software and systems are updated to the latest version provided by Rockwell Automation.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-928
- alias/ZDI-CAN-10556
- alias/CVE-2019-13510
- agent/software-canonical-lookup
- alias/ZDI-19-800
- alias/ZDI-CAN-8174
- alias/ZDI-20-930
- alias/ZDI-CAN-10558
- alias/ZDI-19-1000
- alias/ZDI-CAN-8624
- alias/ZDI-20-929
- alias/ZDI-CAN-10557
- alias/ZDI-20-927
- alias/ZDI-CAN-10555
- alias/ZDI-20-926
- alias/ZDI-CAN-10554
- alias/ZDI-19-998
- alias/ZDI-CAN-8600
- alias/ZDI-19-999
- alias/ZDI-CAN-8623
- alias/ZDI-19-994
- alias/ZDI-CAN-8683
- alias/ZDI-19-801
- alias/ZDI-CAN-8062
- alias/ZDI-20-931
- alias/ZDI-CAN-10559
- vendor/rockwellautomation
- canonical/rockwellautomation arena simulation software
- version/rockwellautomation arena simulation software/16.00.00
- vendor/rockwell automation
- canonical/rockwell automation arena simulation