ID

VAR-201909-0993


CVE

CVE-2019-13527


TITLE

Rockwell Automation Arena Simulation Software Cat. 9502-Ax Vulnerable to uninitialized pointer access

Trust: 0.8

sources: JVNDB: JVNDB-2019-009665

DESCRIPTION

In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. 9502-Ax Contains a vulnerability in uninitialized pointer access.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax 16.00.00 and previous versions have security vulnerabilities. 9502-Ax 16.00.00 and earlier

Trust: 2.88

sources: NVD: CVE-2019-13527 // JVNDB: JVNDB-2019-009665 // ZDI: ZDI-19-993 // CNVD: CNVD-2020-38697 // VULHUB: VHN-145382

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-38697

AFFECTED PRODUCTS

vendor:rockwellautomationmodel:arena simulation softwarescope:lteversion:16.00.00

Trust: 1.0

vendor:rockwell automationmodel:arena simulation softwarescope:lteversion:16.00.00

Trust: 0.8

vendor:rockwell automationmodel:arena simulationscope: - version: -

Trust: 0.7

vendor:rockwellmodel:automation arena simulation softwarescope:lteversion:<=16.00.00

Trust: 0.6

sources: ZDI: ZDI-19-993 // CNVD: CNVD-2020-38697 // JVNDB: JVNDB-2019-009665 // NVD: CVE-2019-13527

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13527
value: HIGH

Trust: 1.0

NVD: CVE-2019-13527
value: HIGH

Trust: 0.8

ZDI: CVE-2019-13527
value: HIGH

Trust: 0.7

CNVD: CNVD-2020-38697
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201909-1099
value: HIGH

Trust: 0.6

VULHUB: VHN-145382
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13527
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-38697
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-145382
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13527
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-13527
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2019-13527
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-19-993 // CNVD: CNVD-2020-38697 // VULHUB: VHN-145382 // JVNDB: JVNDB-2019-009665 // CNNVD: CNNVD-201909-1099 // NVD: CVE-2019-13527

PROBLEMTYPE DATA

problemtype:CWE-824

Trust: 1.9

sources: VULHUB: VHN-145382 // JVNDB: JVNDB-2019-009665 // NVD: CVE-2019-13527

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201909-1099

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201909-1099

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-009665

PATCH

title:Top Pageurl:https://www.rockwellautomation.com/site-selection.html

Trust: 0.8

title:Rockwell Automation has issued an update to correct this vulnerability.url:https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 0.7

title:Patch for Rockwell Automation Arena Simulation Software Cat. 9502-Ax buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/225423

Trust: 0.6

title:Rockwell Automation Arena Simulation Software Cat. 9502-Ax Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98518

Trust: 0.6

sources: ZDI: ZDI-19-993 // CNVD: CNVD-2020-38697 // JVNDB: JVNDB-2019-009665 // CNNVD: CNNVD-201909-1099

EXTERNAL IDS

db:NVDid:CVE-2019-13527

Trust: 3.8

db:ZDIid:ZDI-19-993

Trust: 3.0

db:ICS CERTid:ICSA-19-213-05

Trust: 2.5

db:JVNDBid:JVNDB-2019-009665

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-8682

Trust: 0.7

db:CNVDid:CNVD-2020-38697

Trust: 0.7

db:CNNVDid:CNNVD-201909-1099

Trust: 0.7

db:VULHUBid:VHN-145382

Trust: 0.1

sources: ZDI: ZDI-19-993 // CNVD: CNVD-2020-38697 // VULHUB: VHN-145382 // JVNDB: JVNDB-2019-009665 // CNNVD: CNNVD-201909-1099 // NVD: CVE-2019-13527

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Trust: 3.2

url:https://www.zerodayinitiative.com/advisories/zdi-19-993/

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13527

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13527

Trust: 0.8

sources: ZDI: ZDI-19-993 // CNVD: CNVD-2020-38697 // VULHUB: VHN-145382 // JVNDB: JVNDB-2019-009665 // CNNVD: CNNVD-201909-1099 // NVD: CVE-2019-13527

CREDITS

kimiya of 9SG Security Team - kimiya@9sgsec.com

Trust: 1.3

sources: ZDI: ZDI-19-993 // CNNVD: CNNVD-201909-1099

SOURCES

db:ZDIid:ZDI-19-993
db:CNVDid:CNVD-2020-38697
db:VULHUBid:VHN-145382
db:JVNDBid:JVNDB-2019-009665
db:CNNVDid:CNNVD-201909-1099
db:NVDid:CVE-2019-13527

LAST UPDATE DATE

2024-08-14T13:44:27.499000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-19-993date:2019-11-26T00:00:00
db:CNVDid:CNVD-2020-38697date:2020-07-14T00:00:00
db:VULHUBid:VHN-145382date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-009665date:2019-09-26T00:00:00
db:CNNVDid:CNNVD-201909-1099date:2019-11-27T00:00:00
db:NVDid:CVE-2019-13527date:2019-10-09T23:46:33.030

SOURCES RELEASE DATE

db:ZDIid:ZDI-19-993date:2019-11-26T00:00:00
db:CNVDid:CNVD-2020-38697date:2020-07-14T00:00:00
db:VULHUBid:VHN-145382date:2019-09-24T00:00:00
db:JVNDBid:JVNDB-2019-009665date:2019-09-26T00:00:00
db:CNNVDid:CNNVD-201909-1099date:2019-09-24T00:00:00
db:NVDid:CVE-2019-13527date:2019-09-24T22:15:12.967