CVE-2019-13527 – Rockwell Automation Arena Simulation DOE File Parsing Uninitialized Pointer Dereference Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13527
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. En Rockwell Automation Arena Simulación Software Cat. 9502-Axe, versiones 16.00.00 y anteriores, un archivo Arena diseñado con fines maliciosos abierto por parte de un usuario desprevenido puede resultar en el uso de un puntero que no ha sido inicializado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-993 • CWE-824: Access of Uninitialized Pointer •
CVE-2019-13519 – Rockwell Automation Arena Simulation DOE File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13519
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. Un archivo de programa creado con fines maliciosos abierto por parte de un usuario desprevenido de Rockwell Automation Arena Simulation Software versión 16.00.00 y anteriores, puede resultar en una exposición limitada de la información relacionada con la estación de trabajo apuntada. Rockwell Automation ha publicado la versión 16.00.01 de Arena Simulation Software para abordar las vulnerabilidades reportadas. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-802 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2019-13521 – Rockwell Automation Arena Simulation DOE File Insufficient UI Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13521
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. Un archivo de programa diseñado con fines maliciosos abierto por parte de un usuario desprevenido de Rockwell Automation Arena Simulation Software versión 16.00.00 y anteriores, puede resultar en una exposición limitada de la información relacionada con la estación de trabajo apuntada. Rockwell Automation ha publicado la versión 16.00.01 de Arena Simulation Software para abordar las vulnerabilidades reportadas. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-799 • CWE-357: Insufficient UI Warning of Dangerous Operations •
CVE-2019-13510 – Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13510
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contiene una vulnerabilidad de USO DE MEMORIA PREVIAMENTE LIBERADA CWE-416. Un archivo Arena diseñado maliciosamente abierto por parte de un usuario desprevenido puede resultar en el bloqueo de la aplicación o la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-1000 https://www.zerodayinitiative.com/advisories/ZDI-19-800 https://www.zerodayinitiative.com/advisories/ZDI-19-801 https://www.zerodayinitiative.com/advisories/ZDI-19-994 https://www.zerodayinitiative.com/advisories/ZDI-19-998 https://www.zerodayinitiative.com/advisories/ZDI-19-999 https://www.zerodayinitiative.com/advisories/ZDI-20-926 https://www.zerodayinitiative.com/advisories/ZDI-20& • CWE-416: Use After Free •
CVE-2019-13511 – Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13511
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. Rockwell Automation Arena Simulation Software versiones 16.00.00 y anteriores, contienen una EXPOSICIÓN DE INFORMACIÓN CWE-200. Un archivo Arena creado con fines maliciosos abierto por parte de un usuario desprevenido puede resultar en la exposición limitada de la información relacionada con la estación de trabajo de destino. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. • https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-20-810 https://www.zerodayinitiative.com/advisories/ZDI-20-811 https://www.zerodayinitiative.com/advisories/ZDI-20-812 https://www.zerodayinitiative.com/advisories/ZDI-20-813 https://www.zerodayinitiative.com/advisories/ZDI-20-814 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •