CVE-2018-8843 – Rockwell Automation Arena File Parsing SmAnim Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2018-8843

Rockwell Automation Arena versions 15.10.00 and prior contains a use after free vulnerability caused by processing specially crafted Arena Simulation Software files that may cause the software application to crash, potentially losing any unsaved data.. Rockwell Automation Arena, en versiones 15.10.00 y anteriores, contiene una vulnerabilidad de uso de memoria previamente liberada (user-after-free) provocada por el procesamiento de archivos Arena Simulation Software especialmente manipulados que podrían provocar el cierre inesperado de la aplicación de software, pudiendo perder cualquier dato no guardado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Rockwell Automation Arena. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of an Arena Model file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • http://www.securityfocus.com/bid/104166 https://ics-cert.us-cert.gov/advisories/ICSA-18-130-02 • CWE-416: Use After Free •