CVE-2019-13519 – Rockwell Automation Arena Simulation DOE File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13519
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation.
• https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-802
• CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2019-13521 – Rockwell Automation Arena Simulation DOE File Insufficient UI Warning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13521
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation.
• https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-799
• CWE-357: Insufficient UI Warning of Dangerous Operations
CVE-2019-13510 – Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13510
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation.
• https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-19-1000 https://www.zerodayinitiative.com/advisories/ZDI-19-800 https://www.zerodayinitiative.com/advisories/ZDI-19-801 https://www.zerodayinitiative.com/advisories/ZDI-19-994 https://www.zerodayinitiative.com/advisories/ZDI-19-998 https://www.zerodayinitiative.com/advisories/ZDI-19-999 https://www.zerodayinitiative.com/advisories/ZDI-20-926 https://www.zerodayinitiative.com/advisories/ZDI-20&
• CWE-416: Use After Free
CVE-2019-13511 – Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13511
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation.
• https://www.us-cert.gov/ics/advisories/icsa-19-213-05 https://www.zerodayinitiative.com/advisories/ZDI-20-810 https://www.zerodayinitiative.com/advisories/ZDI-20-811 https://www.zerodayinitiative.com/advisories/ZDI-20-812 https://www.zerodayinitiative.com/advisories/ZDI-20-813 https://www.zerodayinitiative.com/advisories/ZDI-20-814
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-416: Use After Free
CVE-2019-10970
https://notcve.org/view.php?id=CVE-2019-10970
In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon successful exploit, may boot-up the terminal and gain root-level access to the device’s file system.
• http://www.securityfocus.com/bid/109105 https://www.us-cert.gov/ics/advisories/icsa-19-190-02
• CWE-284: Improper Access Control