Main Vulnerability Database Vulnerabilities #VU12588

#VU12588 Use-after-free error in Arena - CVE-2018-8843

Published: May 10, 2018 / Updated: May 11, 2018

Vulnerability identifier: #VU12588

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

CVE-ID: CVE-2018-8843

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Arena

Software vendor:
Rockwell Automation

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error. A local attacker can process specially crafted Arena Simulation Software files, trigger memory corruption and cause the service to crash potentially losing any unsaved data.

Remediation

Update to version 15.10.01 or later.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-130-02

#VU12588 Use-after-free error in Arena - CVE-2018-8843

Description

Remediation

External links

Please verify you're human