CVE-2019-13510

Description

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code.

References

Link	Tags
https://www.us-cert.gov/ics/advisories/icsa-19-213-05	us government resource third party advisory mitigation
https://www.zerodayinitiative.com/advisories/ZDI-19-800/
https://www.zerodayinitiative.com/advisories/ZDI-19-801/
https://www.zerodayinitiative.com/advisories/ZDI-19-994/
https://www.zerodayinitiative.com/advisories/ZDI-19-999/
https://www.zerodayinitiative.com/advisories/ZDI-19-998/
https://www.zerodayinitiative.com/advisories/ZDI-19-1000/
https://www.zerodayinitiative.com/advisories/ZDI-20-927/
https://www.zerodayinitiative.com/advisories/ZDI-20-931/
https://www.zerodayinitiative.com/advisories/ZDI-20-926/
https://www.zerodayinitiative.com/advisories/ZDI-20-929/
https://www.zerodayinitiative.com/advisories/ZDI-20-928/
https://www.zerodayinitiative.com/advisories/ZDI-20-930/

Frequently Asked Questions

What is the severity of CVE-2019-13510?: CVE-2019-13510 has been scored as a high severity vulnerability.
How to fix CVE-2019-13510?: To fix CVE-2019-13510, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-13510 being actively exploited in the wild?: It is possible that CVE-2019-13510 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-13510?: CVE-2019-13510 affects n/a Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier.

Description

Category

CWE-416 – Use After Free

References

Frequently Asked Questions