CVE-2019-13519

EPSS 0.05%
Published 27.01.2020 23:15:10
Last modified 17.12.2024 15:52:01
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Rockwellautomation ≫ Arena Version <= 16.00.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.136

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Third Party Advisory

US Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-802/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-13519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13519

EUVD