CVE-2019-13511

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.

CVSS v3 3.3 LOW
CVSS v2.0 4.3 MEDIUM

3.3^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-19-213-05	Mitigation Third Party Advisory US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-810/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-811/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-812/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-813/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-814/	Third Party Advisory VDB Entry
https://www.us-cert.gov/ics/advisories/icsa-19-213-05	Mitigation Third Party Advisory US Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-810/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-811/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-812/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-813/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-814/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-08-15 19:15

Updated : 2024-12-17 15:52

NVD link : CVE-2019-13511

Mitre link : CVE-2019-13511

CVE.ORG link : CVE-2019-13511

JSON object : View

Products Affected

rockwellautomation

arena

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-416

Use After Free

{"id": "CVE-2019-13511", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2019-08-15T19:15:10.950", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-810/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-811/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-812/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-813/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-814/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-810/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-811/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-812/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-813/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-814/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation."}, {"lang": "es", "value": "Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contienen una EXPOSICI\u00d3N DE INFORMACI\u00d3N CWE-200. Un archivo Arena creado con fines maliciosos abierto por parte de un usuario desprevenido puede resultar en la exposici\u00f3n limitada de la informaci\u00f3n relacionada con la estaci\u00f3n de trabajo de destino."}], "lastModified": "2024-12-17T15:52:51.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:arena:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E10639E-C9C9-44BC-8184-041CE16114F9", "versionEndIncluding": "16.00.00"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}