CVE-2019-13519

EPSS 0.05%
Veröffentlicht 27.01.2020 23:15:10
Zuletzt bearbeitet 17.12.2024 15:52:01
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Arena Version <= 16.00.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.136

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Third Party Advisory

US Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-802/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-13519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13519

EUVD