Multiple vulnerabilities in Rockwell Automation Arena Simulation Software



Published: 2019-08-01 | Updated: 2019-09-25
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2019-13510
CVE-2019-13511
CVE-2019-13521
CVE-2019-13519
CVE-2019-13527
CWE-ID CWE-416
CWE-200
CWE-77
CWE-843
CWE-824
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Arena
Server applications / Virtualization software

Vendor Rockwell Automation

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

Update 25.09.2019
Added vulnerabilities #3-5

1) Use-after-free

EUVDB-ID: #VU20457

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-13510

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing the Arena files. A remote attacker can trick a victim to open a specially crafted Arena file and crash the application or execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Arena: 14.50.00 - 16.00.00


CPE2.3 External links

http://www.us-cert.gov/ics/advisories/icsa-19-213-05
http://www.zerodayinitiative.com/advisories/ZDI-19-999/
http://www.zerodayinitiative.com/advisories/ZDI-19-998/
http://www.zerodayinitiative.com/advisories/ZDI-19-1000/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Information disclosure

EUVDB-ID: #VU20458

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13511

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the specific flaw exists within the processing of project files. A remote attacker can trick a victim to open a specially crafted Arena file and gain unauthorized access to sensitive information related to the targeted workstation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Arena: 14.50.00 - 16.00.00


CPE2.3 External links

http://www.us-cert.gov/ics/advisories/icsa-19-213-05

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Command Injection

EUVDB-ID: #VU21332

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-13521

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to improper input validation when processing the .DOE files. A remote attacker can trick a victim to open a specially crafted .DOE file and execute arbitrary commands on the target system without prompting the user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Arena: 14.50.00 - 16.00.00


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-19-799/
http://www.us-cert.gov/ics/advisories/icsa-19-213-05

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Type Confusion

EUVDB-ID: #VU21331

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-13519

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing the .DOE files. A remote attacker can trick a victim to open a specially crafted .DOE file, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Arena: 14.50.00 - 16.00.00


CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-19-802/
http://www.us-cert.gov/ics/advisories/icsa-19-213-05

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Access of uninitialized pointer

EUVDB-ID: #VU21330

Risk: High

CVSSv3.1:

CVE-ID: CVE-2019-13527

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to the affected software accesses or uses a pointer that has not been initialized. A remote attacker can trick a victim to open a specially crafted Arena file, which results in the use of a pointer that has not been initialized and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Arena: 14.50.00 - 16.00.00


CPE2.3 External links

http://www.us-cert.gov/ics/advisories/icsa-19-213-05

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###