Details of VAR-201908-0863

ID

VAR-201908-0863

CVE

CVE-2019-13510

TITLE

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

Trust: 11.9

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-20-929 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-20-926 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-20-931 // ZDI: ZDI-19-699 // ZDI: ZDI-20-928 // ZDI: ZDI-20-927 // ZDI: ZDI-19-697 // ZDI: ZDI-20-930 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696

DESCRIPTION

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax) version 16.00.00 and earlier

Trust: 11.7

sources: NVD: CVE-2019-13510 // ZDI: ZDI-19-694 // ZDI: ZDI-19-696 // ZDI: ZDI-19-998 // ZDI: ZDI-20-930 // ZDI: ZDI-19-697 // ZDI: ZDI-20-927 // ZDI: ZDI-20-928 // ZDI: ZDI-19-699 // ZDI: ZDI-19-999 // ZDI: ZDI-19-698 // ZDI: ZDI-19-1000 // ZDI: ZDI-20-926 // ZDI: ZDI-19-994 // ZDI: ZDI-19-801 // ZDI: ZDI-19-800 // ZDI: ZDI-20-929 // ZDI: ZDI-20-931 // VULHUB: VHN-145364

AFFECTED PRODUCTS

vendor:	rockwell automation	model:	arena simulation	scope:	-	version:	-	Trust: 11.9
vendor:	rockwellautomation	model:	arena simulation software	scope:	lte	version:	16.00.00	Trust: 1.0

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2019-13510
value:	HIGH
Trust: 11.9
nvd@nist.gov:	CVE-2019-13510
value:	HIGH
Trust: 1.0
VULHUB:	VHN-145364
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-13510
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-145364
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2019-13510
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 11.9
nvd@nist.gov:	CVE-2019-13510
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.1

sources: VULHUB: VHN-145364 // NVD: CVE-2019-13510

PATCH

title:

Rockwell Automation has issued an update to correct this vulnerability.

url:

https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 11.9

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13510	Trust: 13.0
db:	ZDI	id:	ZDI-19-999	Trust: 1.8
db:	ZDI	id:	ZDI-20-929	Trust: 1.8
db:	ZDI	id:	ZDI-19-800	Trust: 1.8
db:	ZDI	id:	ZDI-19-801	Trust: 1.8
db:	ZDI	id:	ZDI-19-994	Trust: 1.8
db:	ZDI	id:	ZDI-20-926	Trust: 1.8
db:	ZDI	id:	ZDI-19-1000	Trust: 1.8
db:	ZDI	id:	ZDI-20-931	Trust: 1.8
db:	ZDI	id:	ZDI-20-928	Trust: 1.8
db:	ZDI	id:	ZDI-20-927	Trust: 1.8
db:	ZDI	id:	ZDI-20-930	Trust: 1.8
db:	ZDI	id:	ZDI-19-998	Trust: 1.8
db:	ICS CERT	id:	ICSA-19-213-05	Trust: 1.1
db:	ZDI_CAN	id:	ZDI-CAN-8623	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8013	Trust: 0.7
db:	ZDI	id:	ZDI-19-694	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10557	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8174	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8062	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8683	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10554	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8624	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8060	Trust: 0.7
db:	ZDI	id:	ZDI-19-698	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10559	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8096	Trust: 0.7
db:	ZDI	id:	ZDI-19-699	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10556	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10555	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8017	Trust: 0.7
db:	ZDI	id:	ZDI-19-697	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-10558	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8600	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-8015	Trust: 0.7
db:	ZDI	id:	ZDI-19-696	Trust: 0.7
db:	CNNVD	id:	CNNVD-201908-151	Trust: 0.1
db:	CNVD	id:	CNVD-2020-38699	Trust: 0.1
db:	VULHUB	id:	VHN-145364	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-213-05	Trust: 13.0
url:	https://www.zerodayinitiative.com/advisories/zdi-19-1000/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-800/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-801/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-994/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-998/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-19-999/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-926/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-927/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-928/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-929/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-930/	Trust: 1.1
url:	https://www.zerodayinitiative.com/advisories/zdi-20-931/	Trust: 1.1

CREDITS

kimiya of 9SG Security Team - kimiya@9sgsec.com

Trust: 7.7

sources: ZDI: ZDI-19-999 // ZDI: ZDI-19-694 // ZDI: ZDI-19-800 // ZDI: ZDI-19-801 // ZDI: ZDI-19-994 // ZDI: ZDI-19-1000 // ZDI: ZDI-19-698 // ZDI: ZDI-19-699 // ZDI: ZDI-19-697 // ZDI: ZDI-19-998 // ZDI: ZDI-19-696

SOURCES

db:	ZDI	id:	ZDI-19-999
db:	ZDI	id:	ZDI-19-694
db:	ZDI	id:	ZDI-20-929
db:	ZDI	id:	ZDI-19-800
db:	ZDI	id:	ZDI-19-801
db:	ZDI	id:	ZDI-19-994
db:	ZDI	id:	ZDI-20-926
db:	ZDI	id:	ZDI-19-1000
db:	ZDI	id:	ZDI-19-698
db:	ZDI	id:	ZDI-20-931
db:	ZDI	id:	ZDI-19-699
db:	ZDI	id:	ZDI-20-928
db:	ZDI	id:	ZDI-20-927
db:	ZDI	id:	ZDI-19-697
db:	ZDI	id:	ZDI-20-930
db:	ZDI	id:	ZDI-19-998
db:	ZDI	id:	ZDI-19-696
db:	VULHUB	id:	VHN-145364
db:	NVD	id:	CVE-2019-13510

LAST UPDATE DATE

2024-09-15T22:52:00.259000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-999	date:	2019-12-09T00:00:00
db:	ZDI	id:	ZDI-19-694	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-929	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-800	date:	2019-09-09T00:00:00
db:	ZDI	id:	ZDI-19-801	date:	2019-09-09T00:00:00
db:	ZDI	id:	ZDI-19-994	date:	2019-11-26T00:00:00
db:	ZDI	id:	ZDI-20-926	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-1000	date:	2019-12-09T00:00:00
db:	ZDI	id:	ZDI-19-698	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-931	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-699	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-928	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-20-927	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-697	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-930	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-998	date:	2019-12-09T00:00:00
db:	ZDI	id:	ZDI-19-696	date:	2019-08-08T00:00:00
db:	VULHUB	id:	VHN-145364	date:	2020-08-04T00:00:00
db:	NVD	id:	CVE-2019-13510	date:	2020-08-04T15:15:10.173

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-999	date:	2019-12-09T00:00:00
db:	ZDI	id:	ZDI-19-694	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-929	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-800	date:	2019-09-09T00:00:00
db:	ZDI	id:	ZDI-19-801	date:	2019-09-09T00:00:00
db:	ZDI	id:	ZDI-19-994	date:	2019-11-26T00:00:00
db:	ZDI	id:	ZDI-20-926	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-1000	date:	2019-12-09T00:00:00
db:	ZDI	id:	ZDI-19-698	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-931	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-699	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-928	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-20-927	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-697	date:	2019-08-08T00:00:00
db:	ZDI	id:	ZDI-20-930	date:	2020-08-04T00:00:00
db:	ZDI	id:	ZDI-19-998	date:	2019-12-09T00:00:00
db:	ZDI	id:	ZDI-19-696	date:	2019-08-08T00:00:00
db:	VULHUB	id:	VHN-145364	date:	2019-08-15T00:00:00
db:	NVD	id:	CVE-2019-13510	date:	2019-08-15T19:15:10.873