ID

VAR-201908-0863


CVE

CVE-2019-13510


TITLE

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

Trust: 11.2

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692

DESCRIPTION

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions have resource management error vulnerabilities. 9502-Ax) version 16.00.00 and earlier

Trust: 11.61

sources: NVD: CVE-2019-13510 // ZDI: ZDI-19-694 // ZDI: ZDI-19-692 // ZDI: ZDI-19-998 // ZDI: ZDI-20-927 // ZDI: ZDI-20-928 // ZDI: ZDI-19-699 // ZDI: ZDI-19-693 // ZDI: ZDI-19-999 // ZDI: ZDI-19-698 // ZDI: ZDI-19-1000 // ZDI: ZDI-20-926 // ZDI: ZDI-19-994 // ZDI: ZDI-19-801 // ZDI: ZDI-19-800 // ZDI: ZDI-20-929 // ZDI: ZDI-20-931 // CNVD: CNVD-2020-38699 // VULHUB: VHN-145364

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38699

AFFECTED PRODUCTS

vendor:rockwell automationmodel:arena simulationscope: - version: -

Trust: 11.2

vendor:rockwellautomationmodel:arena simulation softwarescope:lteversion:16.00.00

Trust: 1.0

vendor:rockwellmodel:automation arena simulation softwarescope:lteversion:<=16.00.00

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692 // CNVD: CNVD-2020-38699 // NVD: CVE-2019-13510

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2019-13510
value: HIGH

Trust: 11.2

nvd@nist.gov: CVE-2019-13510
value: HIGH

Trust: 1.0

CNVD: CNVD-2020-38699
value: MEDIUM

Trust: 0.6

VULHUB: VHN-145364
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13510
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2020-38699
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-145364
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2019-13510
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 11.2

nvd@nist.gov: CVE-2019-13510
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692 // CNVD: CNVD-2020-38699 // VULHUB: VHN-145364 // NVD: CVE-2019-13510

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

sources: VULHUB: VHN-145364 // NVD: CVE-2019-13510

PATCH

title:Rockwell Automation has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 11.2

title:Patch for Rockwell Automation Arena Simulation Software Resource Management Error Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/225419

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692 // CNVD: CNVD-2020-38699

EXTERNAL IDS

db:NVDid:CVE-2019-13510

Trust: 12.9

db:ZDIid:ZDI-19-999

Trust: 1.8

db:ZDIid:ZDI-20-929

Trust: 1.8

db:ZDIid:ZDI-19-800

Trust: 1.8

db:ZDIid:ZDI-19-801

Trust: 1.8

db:ZDIid:ZDI-19-994

Trust: 1.8

db:ZDIid:ZDI-20-926

Trust: 1.8

db:ZDIid:ZDI-19-1000

Trust: 1.8

db:ZDIid:ZDI-20-931

Trust: 1.8

db:ZDIid:ZDI-20-928

Trust: 1.8

db:ZDIid:ZDI-20-927

Trust: 1.8

db:ZDIid:ZDI-19-998

Trust: 1.8

db:ZDIid:ZDI-20-930

Trust: 1.1

db:ICS CERTid:ICSA-19-213-05

Trust: 1.1

db:ZDI_CANid:ZDI-CAN-8623

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8013

Trust: 0.7

db:ZDIid:ZDI-19-694

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10557

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8174

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8062

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8683

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10554

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8624

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8060

Trust: 0.7

db:ZDIid:ZDI-19-698

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10559

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8016

Trust: 0.7

db:ZDIid:ZDI-19-693

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8096

Trust: 0.7

db:ZDIid:ZDI-19-699

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10556

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-10555

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8600

Trust: 0.7

db:ZDI_CANid:ZDI-CAN-8012

Trust: 0.7

db:ZDIid:ZDI-19-692

Trust: 0.7

db:CNVDid:CNVD-2020-38699

Trust: 0.7

db:CNNVDid:CNNVD-201908-151

Trust: 0.1

db:VULHUBid:VHN-145364

Trust: 0.1

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692 // CNVD: CNVD-2020-38699 // VULHUB: VHN-145364 // NVD: CVE-2019-13510

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 12.3

url:https://www.zerodayinitiative.com/advisories/zdi-19-1000/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-19-800/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-19-801/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-19-994/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-19-998/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-19-999/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-926/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-927/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-928/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-929/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-930/

Trust: 1.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-931/

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13510

Trust: 0.6

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692 // CNVD: CNVD-2020-38699 // VULHUB: VHN-145364 // NVD: CVE-2019-13510

CREDITS

kimiya of 9SG Security Team - kimiya@9sgsec.com

Trust: 7.7

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-19-693 // ZDI: ZDI-19-699 // ZDI: ZDI-19-998 // ZDI: ZDI-19-692

SOURCES

db:ZDIid:ZDI-19-999
db:ZDIid:ZDI-19-694
db:ZDIid:ZDI-20-929
db:ZDIid:ZDI-19-800
db:ZDIid:ZDI-19-801
db:ZDIid:ZDI-19-994
db:ZDIid:ZDI-20-926
db:ZDIid:ZDI-19-1000
db:ZDIid:ZDI-19-698
db:ZDIid:ZDI-20-931
db:ZDIid:ZDI-19-693
db:ZDIid:ZDI-19-699
db:ZDIid:ZDI-20-928
db:ZDIid:ZDI-20-927
db:ZDIid:ZDI-19-998
db:ZDIid:ZDI-19-692
db:CNVDid:CNVD-2020-38699
db:VULHUBid:VHN-145364
db:NVDid:CVE-2019-13510

LAST UPDATE DATE

2024-11-20T22:28:53.078000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-999date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-694date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-929date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-800date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-801date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-994date:2019-11-26T00:00:00
db:ZDIid:ZDI-20-926date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-1000date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-698date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-931date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-693date:2019-08-08T00:00:00
db:ZDIid:ZDI-19-699date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-928date:2020-08-04T00:00:00
db:ZDIid:ZDI-20-927date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-998date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-692date:2019-08-08T00:00:00
db:CNVDid:CNVD-2020-38699date:2020-07-14T00:00:00
db:VULHUBid:VHN-145364date:2020-08-04T00:00:00
db:NVDid:CVE-2019-13510date:2020-08-04T15:15:10.173

SOURCES RELEASE DATE

db:ZDIid:ZDI-19-999date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-694date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-929date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-800date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-801date:2019-09-09T00:00:00
db:ZDIid:ZDI-19-994date:2019-11-26T00:00:00
db:ZDIid:ZDI-20-926date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-1000date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-698date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-931date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-693date:2019-08-08T00:00:00
db:ZDIid:ZDI-19-699date:2019-08-08T00:00:00
db:ZDIid:ZDI-20-928date:2020-08-04T00:00:00
db:ZDIid:ZDI-20-927date:2020-08-04T00:00:00
db:ZDIid:ZDI-19-998date:2019-12-09T00:00:00
db:ZDIid:ZDI-19-692date:2019-08-08T00:00:00
db:CNVDid:CNVD-2020-38699date:2020-07-14T00:00:00
db:VULHUBid:VHN-145364date:2019-08-15T00:00:00
db:NVDid:CVE-2019-13510date:2019-08-15T19:15:10.873