CVE-2019-13521

EPSS 0.05%
Veröffentlicht 27.01.2020 23:15:10
Zuletzt bearbeitet 17.12.2024 15:52:01
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rockwellautomation ≫ Arena Version <= 16.00.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.136

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-357 Insufficient UI Warning of Dangerous Operations

The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.

https://www.us-cert.gov/ics/advisories/icsa-19-213-05

Third Party Advisory

US Government Resource

https://www.zerodayinitiative.com/advisories/ZDI-19-799/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2019-13521

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13521

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13521

EUVD