ID

VAR-201908-0863


CVE

CVE-2019-13510


TITLE

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

Trust: 11.9

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696

DESCRIPTION

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities

Trust: 12.15

sources: NVD: CVE-2019-13510 // ZDI: ZDI-19-694 // ZDI: ZDI-19-696 // ZDI: ZDI-19-998 // ZDI: ZDI-20-930 // ZDI: ZDI-19-697 // ZDI: ZDI-20-927 // ZDI: ZDI-20-928 // ZDI: ZDI-19-693 // ZDI: ZDI-19-999 // ZDI: ZDI-19-698 // ZDI: ZDI-19-1000 // ZDI: ZDI-20-926 // ZDI: ZDI-19-994 // ZDI: ZDI-19-801 // ZDI: ZDI-19-800 // ZDI: ZDI-20-929 // ZDI: ZDI-20-931 // CNVD: CNVD-2020-38699

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38699

AFFECTED PRODUCTS

vendor:rockwell automationmodel:arena simulationscope: - version: -

Trust: 11.9

vendor:rockwellautomationmodel:arenascope:lteversion:16.00.00

Trust: 1.0

vendor:rockwellmodel:automation arena simulation softwarescope:lteversion:<=16.00.00

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696 // CNVD: CNVD-2020-38699 // NVD: CVE-2019-13510

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-13510
value: HIGH

Trust: 11.9

nvd@nist.gov: CVE-2019-13510
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-38699
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-151
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-13510
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38699
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ZDI: CVE-2019-13510
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 11.9

nvd@nist.gov: CVE-2019-13510
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696 // CNVD: CNVD-2020-38699 // CNNVD: CNNVD-201908-151 // NVD: CVE-2019-13510

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.0

sources: NVD: CVE-2019-13510

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-151

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201908-151

PATCH

title:Rockwell Automation has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 11.9

title:Patch for Rockwell Automation Arena Simulation Software Resource Management Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/225419

Trust: 0.6

title:Rockwell Automation Arena Simulation Software Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95913

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696 // CNVD: CNVD-2020-38699 // CNNVD: CNNVD-201908-151

EXTERNAL IDS

db:NVDid:CVE-2019-13510

Trust: 14.1

db:ZDIid:ZDI-19-999

Trust: 2.3

db:ZDIid:ZDI-20-929

Trust: 2.3

db:ZDIid:ZDI-19-800

Trust: 2.3

db:ZDIid:ZDI-19-801

Trust: 2.3

db:ZDIid:ZDI-19-994

Trust: 2.3

db:ZDIid:ZDI-20-926

Trust: 2.3

db:ZDIid:ZDI-19-1000

Trust: 2.3

db:ZDIid:ZDI-20-931

Trust: 2.3

db:ZDIid:ZDI-20-928

Trust: 2.3

db:ZDIid:ZDI-20-927

Trust: 2.3

db:ZDIid:ZDI-20-930

Trust: 2.3

db:ZDIid:ZDI-19-998

Trust: 2.3

db:ICS CERTid:ICSA-19-213-05

Trust: 1.6

db:ZDI_CANid:ZDI-CAN-8623

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8013

Trust: 0.7

db:ZDIid:ZDI-19-694

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10557

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8174

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8062

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8683

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10554

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8624

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8060

Trust: 0.7

db:ZDIid:ZDI-19-698

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10559

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8016

Trust: 0.7

db:ZDIid:ZDI-19-693

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10556

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10555

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8017

Trust: 0.7

db:ZDIid:ZDI-19-697

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10558

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8600

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8015

Trust: 0.7

db:ZDIid:ZDI-19-696

Trust: 0.7

db:CNVDid:CNVD-2020-38699

Trust: 0.6

db:ZDIid:ZDI-19-699

Trust: 0.6

db:AUSCERTid:ESB-2019.2900

Trust: 0.6

db:CNNVDid:CNNVD-201908-151

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696 // CNVD: CNVD-2020-38699 // CNNVD: CNNVD-201908-151 // NVD: CVE-2019-13510

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 14.1

url:https://www.zerodayinitiative.com/advisories/zdi-19-1000/

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-994/

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-801/

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-20-931/

Trust: 2.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-998/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-19-800/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-19-999/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-926/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-930/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-929/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-927/

Trust: 1.6

url:https://www.zerodayinitiative.com/advisories/zdi-20-928/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-13510

Trust: 1.2

url:https://www.auscert.org.au/bulletins/esb-2019.2900/

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-19-699/

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696 // CNVD: CNVD-2020-38699 // CNNVD: CNNVD-201908-151 // NVD: CVE-2019-13510

CREDITS

kimiya of 9SG Security Team - kimiya@9sgsec.com

Trust: 7.7

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-19-693 // ZDI: ZDI-19-697 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696

SOURCES

db:ZDIid:ZDI-19-999
db:ZDIid:ZDI-19-694
db:ZDIid:ZDI-20-929
db:ZDIid:ZDI-19-800
db:ZDIid:ZDI-19-801
db:ZDIid:ZDI-19-994
db:ZDIid:ZDI-20-926
db:ZDIid:ZDI-19-1000
db:ZDIid:ZDI-19-698
db:ZDIid:ZDI-20-931
db:ZDIid:ZDI-19-693
db:ZDIid:ZDI-20-928
db:ZDIid:ZDI-20-927
db:ZDIid:ZDI-19-697
db:ZDIid:ZDI-20-930
db:ZDIid:ZDI-19-998
db:ZDIid:ZDI-19-696
db:CNVDid:CNVD-2020-38699
db:CNNVDid:CNNVD-201908-151
db:NVDid:CVE-2019-13510

LAST UPDATE DATE

2024-12-21T22:56:10.159000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-999date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-694date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-929date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-800date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-801date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-994date:2019-11-26T00:00:00
db:ZDIid:ZDI-20-926date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-1000date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-698date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-931date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-693date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-928date:2020-08-04T00:00:00
db:ZDIid:ZDI-20-927date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-697date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-930date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-998date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-696date:2019-08-08T00:00:00
db:CNVDid:CNVD-2020-38699date:2020-07-14T00:00:00
db:CNNVDid:CNNVD-201908-151date:2020-08-05T00:00:00
db:NVDid:CVE-2019-13510date:2024-12-17T15:52:51.450

SOURCES RELEASE DATE

db:ZDIid:ZDI-19-999date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-694date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-929date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-800date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-801date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-994date:2019-11-26T00:00:00
db:ZDIid:ZDI-20-926date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-1000date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-698date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-931date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-693date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-928date:2020-08-04T00:00:00
db:ZDIid:ZDI-20-927date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-697date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-930date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-998date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-696date:2019-08-08T00:00:00
db:CNVDid:CNVD-2020-38699date:2020-07-14T00:00:00
db:CNNVDid:CNNVD-201908-151date:2019-08-01T00:00:00
db:NVDid:CVE-2019-13510date:2019-08-15T19:15:10.873