36 vulnerabilities found for Arena Simulation by Rockwell Automation
VAR-201908-0863
Vulnerability from variot - Updated: 2025-12-22 23:52
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a use-after-free vulnerability (CWE-416). A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "arena simulation",
"scope": null,
"trust": 11.2,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "arena",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"_id": null,
"model": "arena simulation software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
},
{
"db": "NVD",
"id": "CVE-2019-13510"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rockwellautomation:arena_simulation_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
}
]
},
"credits": {
"_id": null,
"data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
}
],
"trust": 7.0
},
"cve": "CVE-2019-13510",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13510",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13510",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 11.2,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13510",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-13510",
"trust": 11.2,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13510",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13510",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-151",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-151"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
},
{
"db": "NVD",
"id": "CVE-2019-13510"
}
]
},
"description": {
"_id": null,
"data": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13510"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
}
],
"trust": 11.7
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-13510",
"trust": 13.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-05",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-999",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-929",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-800",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-801",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-994",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-926",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-1000",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-931",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-928",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-927",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-20-930",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-19-998",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8623",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8013",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-694",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10557",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8174",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8062",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8683",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10554",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8624",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8060",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-698",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10559",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10556",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10555",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8017",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-697",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10558",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8600",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8015",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-696",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-19-699",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2900",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-151",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-151"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
},
{
"db": "NVD",
"id": "CVE-2019-13510"
}
]
},
"id": "VAR-201908-0863",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.8181818
},
"last_update_date": "2025-12-22T23:52:37.116000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 11.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/"
},
{
"title": "Rockwell Automation Arena Simulation Software Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95913"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-151"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-416",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
},
{
"db": "NVD",
"id": "CVE-2019-13510"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 14.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-1000/"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-994/"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-801/"
},
{
"trust": 2.2,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-931/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-998/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-800/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-999/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-926/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-930/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-929/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-927/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-928/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13510"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13510"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2900/"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-699/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-151"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378"
},
{
"db": "NVD",
"id": "CVE-2019-13510"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-999",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-694",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-929",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-800",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-801",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-994",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-926",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-1000",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-698",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-931",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-928",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-927",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-697",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-930",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-998",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-19-696",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-151",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008378",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-13510",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-12-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-999",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-694",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-929",
"ident": null
},
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-800",
"ident": null
},
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-801",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-994",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-926",
"ident": null
},
{
"date": "2019-12-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-1000",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-698",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-931",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-928",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-927",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-697",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-930",
"ident": null
},
{
"date": "2019-12-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-998",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-696",
"ident": null
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-151",
"ident": null
},
{
"date": "2019-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008378",
"ident": null
},
{
"date": "2019-08-15T19:15:10.873000",
"db": "NVD",
"id": "CVE-2019-13510",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-12-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-999",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-694",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-929",
"ident": null
},
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-800",
"ident": null
},
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-801",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-994",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-926",
"ident": null
},
{
"date": "2019-12-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-1000",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-698",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-931",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-928",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-927",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-697",
"ident": null
},
{
"date": "2020-08-04T00:00:00",
"db": "ZDI",
"id": "ZDI-20-930",
"ident": null
},
{
"date": "2019-12-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-998",
"ident": null
},
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-696",
"ident": null
},
{
"date": "2020-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-151",
"ident": null
},
{
"date": "2019-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008378",
"ident": null
},
{
"date": "2024-12-17T15:52:51.450000",
"db": "NVD",
"id": "CVE-2019-13510",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-151"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-999"
},
{
"db": "ZDI",
"id": "ZDI-19-694"
},
{
"db": "ZDI",
"id": "ZDI-20-929"
},
{
"db": "ZDI",
"id": "ZDI-19-800"
},
{
"db": "ZDI",
"id": "ZDI-19-801"
},
{
"db": "ZDI",
"id": "ZDI-19-994"
},
{
"db": "ZDI",
"id": "ZDI-20-926"
},
{
"db": "ZDI",
"id": "ZDI-19-1000"
},
{
"db": "ZDI",
"id": "ZDI-19-698"
},
{
"db": "ZDI",
"id": "ZDI-20-931"
},
{
"db": "ZDI",
"id": "ZDI-20-928"
},
{
"db": "ZDI",
"id": "ZDI-20-927"
},
{
"db": "ZDI",
"id": "ZDI-19-697"
},
{
"db": "ZDI",
"id": "ZDI-20-930"
},
{
"db": "ZDI",
"id": "ZDI-19-998"
},
{
"db": "ZDI",
"id": "ZDI-19-696"
}
],
"trust": 11.2
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-151"
}
],
"trust": 0.6
}
}
VAR-202507-0593
Vulnerability from variot - Updated: 2025-10-17 23:26
A remote code execution security issue exists in Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation Arena contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.09"
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.20.09"
},
{
"model": "arena",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Simon (@esj4y) Janz",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-837"
}
],
"trust": 0.7
},
"cve": "CVE-2025-6377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-19254",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-6377",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-6377",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-6377",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-6377",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2025-6377",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2025-6377",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-6377",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-19254",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae. \u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software. \nIf exploited, a threat actor could execute arbitrary code on the target system. \nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-6377"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"db": "CNVD",
"id": "CNVD-2025-19254"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-6377",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-26559",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-837",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-19254",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"id": "VAR-202507-0593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19254"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19254"
}
]
},
"last_update_date": "2025-10-17T23:26:35.937000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-837"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1729.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-6377"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-13T00:00:00",
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"date": "2025-07-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"date": "2025-07-09T21:15:28.620000",
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-13T00:00:00",
"db": "ZDI",
"id": "ZDI-25-837"
},
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19254"
},
{
"date": "2025-07-14T06:02:00",
"db": "JVNDB",
"id": "JVNDB-2025-008752"
},
{
"date": "2025-07-11T18:34:12.230000",
"db": "NVD",
"id": "CVE-2025-6377"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0Arena\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008752"
}
],
"trust": 0.8
}
}
VAR-202507-0649
Vulnerability from variot - Updated: 2025-10-16 23:21
A remote code execution security issue exists in Rockwell Automation Arena®. A crafted DOE file can force Arena Simulation to write beyond the boundaries of an allocated object. Exploitation requires user interaction, such as opening a malicious file within the software. If exploited, a threat actor could execute arbitrary code on the target system. The software must run under the context of the administrator in order to cause worst-case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation Arena contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202507-0649",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.09"
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.20.09"
},
{
"model": "arena",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Simon (@esj4y) Janz",
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
}
],
"trust": 0.7
},
"cve": "CVE-2025-6376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-19255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-6376",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2025-6376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2025-6376",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2025-6376",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2025-6376",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2025-6376",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2025-6376",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-19255",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote\ncode execution security issue exists in the Rockwell Automation\u00a0Arena\u00ae. \u00a0\u00a0A crafted DOE\nfile can force Arena Simulation to write beyond the boundaries of an allocated\nobject. Exploitation\nrequires user interaction, such as opening a malicious file within the software. \nIf exploited, a threat actor could execute arbitrary code on the target system. \nThe software must run under the context of the administrator in order to cause\nworse case impact. This is reflected in the Rockwell CVSS score, as AT:P. Rockwell Automation of Arena Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-6376"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-6376",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-26556",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-25-836",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-19255",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"id": "VAR-202507-0649",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19255"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-19255"
}
]
},
"last_update_date": "2025-10-16T23:21:30.371000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1729.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1729.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2025-6376"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-13T00:00:00",
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"date": "2025-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"date": "2025-07-09T21:15:28.423000",
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-08-13T00:00:00",
"db": "ZDI",
"id": "ZDI-25-836"
},
{
"date": "2025-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-19255"
},
{
"date": "2025-07-15T01:29:00",
"db": "JVNDB",
"id": "JVNDB-2025-008853"
},
{
"date": "2025-07-11T18:35:53.330000",
"db": "NVD",
"id": "CVE-2025-6376"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0Arena\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2025-008853"
}
],
"trust": 0.8
}
}
VAR-202310-1457
Vulnerability from variot - Updated: 2025-04-11 23:19
Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat actor could then execute malicious code on the system, affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. A denial-of-service (DoS) condition may also result. Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-1457",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.02"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.20.02"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation rockwell automation arena simulation software",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"cve": "CVE-2023-27858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-06476",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-27858",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27858",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2023-27858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-27858",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2025-06476",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u00a0uninitialized pointer in the application. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute. (DoS) It may be in a state. Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27858"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"db": "VULMON",
"id": "CVE-2023-27858"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27858",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-299-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97042094",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2025-06476",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27858",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"db": "VULMON",
"id": "CVE-2023-27858"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"id": "VAR-202310-1457",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
}
]
},
"last_update_date": "2025-04-11T23:19:18.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2025-06476)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/675016"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27858"
},
{
"trust": 1.1,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97042094/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-04"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"db": "VULMON",
"id": "CVE-2023-27858"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"db": "VULMON",
"id": "CVE-2023-27858"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"date": "2023-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27858"
},
{
"date": "2023-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"date": "2023-10-27T19:15:41.230000",
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-06476"
},
{
"date": "2023-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27858"
},
{
"date": "2023-12-28T04:37:00",
"db": "JVNDB",
"id": "JVNDB-2023-015817"
},
{
"date": "2024-12-17T16:13:20.770000",
"db": "NVD",
"id": "CVE-2023-27858"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0arena\u00a0simulation\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-015817"
}
],
"trust": 0.8
}
}
VAR-202412-2528
Vulnerability from variot - Updated: 2025-03-14 22:44
Another “use after free” code execution vulnerability exists in Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used (that is, already freed, per CWE-416). If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. A denial-of-service (DoS) condition may also result. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Rockwell Automation Arena Simulation is a set of simulation software from Rockwell Automation, an American company, that provides 3D animation and graphics functions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202412-2528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.07"
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.20.07"
},
{
"model": "arena",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena simulation",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rocco Calvi (@TecR0c) with TecSecurity",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
}
],
"trust": 0.7
},
"cve": "CVE-2024-12175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2025-00881",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-12175",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-12175",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-12175",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2024-12175",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-12175",
"trust": 1.0,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2024-12175",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2024-12175",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2025-00881",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Another \u201cuse after free\u201d\u00a0code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae\u00a0that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. (DoS) It may be in a state. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Rockwell Automation Arena Simulation is a set of simulation software from Rockwell Automation, an American company, that provides 3D animation and graphics functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-12175"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-12175",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-24-1714",
"trust": 1.3
},
{
"db": "JVN",
"id": "JVNVU91729891",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-345-06",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-24158",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2025-00881",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"id": "VAR-202412-2528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-00881"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2025-00881"
}
]
},
"last_update_date": "2025-03-14T22:44:31.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1713.html"
},
{
"title": "Patch for Rockwell Automation Arena Simulation DOE File Memory Misreference Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/650131"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.sd1713.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91729891/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-12175"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-06"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-24-1714/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-19T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"date": "2025-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"date": "2025-01-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"date": "2024-12-19T21:15:07.530000",
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-12-19T00:00:00",
"db": "ZDI",
"id": "ZDI-24-1714"
},
{
"date": "2025-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2025-00881"
},
{
"date": "2025-01-16T01:40:00",
"db": "JVNDB",
"id": "JVNDB-2024-016255"
},
{
"date": "2025-03-13T17:15:25.333000",
"db": "NVD",
"id": "CVE-2024-12175"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Use of freed memory (use-after-free) vulnerability in Rockwell\u00a0Automation\u00a0Arena",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-016255"
}
],
"trust": 0.8
}
}
VAR-202403-2758
Vulnerability from variot - Updated: 2024-12-17 22:56
An uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. The software may be put into a denial-of-service (DoS) state.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-2758",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.03"
},
{
"model": "arena",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00 that\u0027s all 16.20.03"
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena simulation software",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"cve": "CVE-2024-21919",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-18334",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-21919",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-21919",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-21919",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-21919",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-21919",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-18334",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nAn uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. The software may be put into a denial-of-service (DoS) state.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-21919"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "CNVD",
"id": "CNVD-2024-18334"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-21919",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-18334",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"id": "VAR-202403-2758",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
}
],
"trust": 1.33333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
}
]
},
"last_update_date": "2024-12-17T22:56:58.140000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Arena Simulation Software Uninitialized Pointer Access Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/543381"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [ others ]",
"trust": 0.8
},
{
"problemtype": " Accessing uninitialized pointers (CWE-824) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.rockwellautomation.com/en-us/support/advisory.sd-1665.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-21919"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"date": "2024-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"date": "2024-03-26T16:15:11.073000",
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-18334"
},
{
"date": "2024-12-10T02:13:00",
"db": "JVNDB",
"id": "JVNDB-2024-014211"
},
{
"date": "2024-12-17T16:16:16.773000",
"db": "NVD",
"id": "CVE-2024-21919"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Uninitialized pointer access vulnerability in Rockwell\u00a0Automation\u00a0Arena\u00a0Simulation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014211"
}
],
"trust": 0.8
}
}
VAR-202001-0758
Vulnerability from variot - Updated: 2024-12-17 22:47
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DOE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "arena",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"_id": null,
"model": "arena simulation software",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "arena simulation software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00"
},
{
"_id": null,
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "automation rockwell automation arena simulation software",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
},
{
"_id": null,
"model": "arena simulation",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": null
},
{
"_id": null,
"model": "arena simulation",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "16.00.00"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
},
{
"db": "NVD",
"id": "CVE-2019-13519"
}
]
},
"credits": {
"_id": null,
"data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
}
],
"trust": 1.3
},
"cve": "CVE-2019-13519",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13519",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-14916",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-145373",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13519",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13519",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13519",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13519",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13519",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2019-13519",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-14916",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-368",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145373",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "VULHUB",
"id": "VHN-145373"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
},
{
"db": "NVD",
"id": "CVE-2019-13519"
}
]
},
"description": {
"_id": null,
"data": "A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DOE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13519"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
},
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "VULHUB",
"id": "VHN-145373"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-13519",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-19-802",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-05",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8175",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-14916",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145373",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "VULHUB",
"id": "VHN-145373"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
},
{
"db": "NVD",
"id": "CVE-2019-13519"
}
]
},
"id": "VAR-202001-0758",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "VULHUB",
"id": "VHN-145373"
}
],
"trust": 1.566666675
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14916"
}
]
},
"last_update_date": "2024-12-17T22:47:16.643000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/global/overview.page"
},
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"title": "Patch for Rockwell Automation Arena Simulation Software Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/206323"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-843",
"trust": 1.1
},
{
"problemtype": "Wrong mix of types (CWE-843) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145373"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
},
{
"db": "NVD",
"id": "CVE-2019-13519"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-802/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13519"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-802"
},
{
"db": "CNVD",
"id": "CNVD-2020-14916"
},
{
"db": "VULHUB",
"id": "VHN-145373"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
},
{
"db": "NVD",
"id": "CVE-2019-13519"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-802",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-14916",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-145373",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014431",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201909-368",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-13519",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-802",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14916",
"ident": null
},
{
"date": "2020-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-145373",
"ident": null
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014431",
"ident": null
},
{
"date": "2019-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-368",
"ident": null
},
{
"date": "2020-01-27T23:15:10.437000",
"db": "NVD",
"id": "CVE-2019-13519",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-802",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14916",
"ident": null
},
{
"date": "2020-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-145373",
"ident": null
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014431",
"ident": null
},
{
"date": "2020-03-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-368",
"ident": null
},
{
"date": "2024-12-17T15:52:01.670000",
"db": "NVD",
"id": "CVE-2019-13519",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Type confusion vulnerabilities in Rockwell\u00a0Automation\u00a0Arena\u00a0Simulation\u00a0Software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014431"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-368"
}
],
"trust": 0.6
}
}
VAR-201909-0993
Vulnerability from variot - Updated: 2024-12-17 22:47
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. 9502-Ax contains an uninitialized pointer access vulnerability. Information may be obtained or altered, and the software may be put into a denial-of-service (DoS) state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax 16.00.00 and previous versions have security vulnerabilities. 9502-Ax 16.00.00 and earlier
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201909-0993",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"model": "arena simulation software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00"
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena simulation software",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=16.00.00"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rockwellautomation:arena_simulation_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
}
],
"trust": 1.3
},
"cve": "CVE-2019-13527",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13527",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-38697",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-145382",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13527",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13527",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13527",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13527",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13527",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2019-13527",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38697",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-1099",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145382",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "VULHUB",
"id": "VHN-145382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
},
{
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized. 9502-Ax Contains a vulnerability in uninitialized pointer access.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. 9502-Ax 16.00.00 and previous versions have security vulnerabilities. 9502-Ax 16.00.00 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13527"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "VULHUB",
"id": "VHN-145382"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13527",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-19-993",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-05",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8682",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-38697",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145382",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "VULHUB",
"id": "VHN-145382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
},
{
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"id": "VAR-201909-0993",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "VULHUB",
"id": "VHN-145382"
}
],
"trust": 1.4333333499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38697"
}
]
},
"last_update_date": "2024-12-17T22:47:16.606000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/site-selection.html"
},
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"title": "Patch for Rockwell Automation Arena Simulation Software Cat. 9502-Ax buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225423"
},
{
"title": "Rockwell Automation Arena Simulation Software Cat. 9502-Ax Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98518"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-993/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13527"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13527"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "VULHUB",
"id": "VHN-145382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
},
{
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"db": "VULHUB",
"id": "VHN-145382"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
},
{
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"date": "2019-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-145382"
},
{
"date": "2019-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"date": "2019-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1099"
},
{
"date": "2019-09-24T22:15:12.967000",
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-26T00:00:00",
"db": "ZDI",
"id": "ZDI-19-993"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38697"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-145382"
},
{
"date": "2019-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009665"
},
{
"date": "2019-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-1099"
},
{
"date": "2024-12-17T15:52:51.450000",
"db": "NVD",
"id": "CVE-2019-13527"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation Arena Simulation Software Cat. 9502-Ax Vulnerable to uninitialized pointer access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009665"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-1099"
}
],
"trust": 0.6
}
}
VAR-202001-0760
Vulnerability from variot - Updated: 2024-12-17 22:47
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DOE files. Crafted data in a DOE file can allow execution of arbitrary commands without prompting the user. An attacker can leverage this vulnerability to execute code in the context of the current user.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "arena",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"_id": null,
"model": "arena simulation software",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "arena simulation software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00"
},
{
"_id": null,
"model": "arena simulation",
"scope": null,
"trust": 0.7,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "automation rockwell automation arena simulation software",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=16.00.00"
},
{
"_id": null,
"model": "arena simulation",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": null
},
{
"_id": null,
"model": "arena simulation",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwellautomation",
"version": "16.00.00"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
},
{
"db": "NVD",
"id": "CVE-2019-13521"
}
]
},
"credits": {
"_id": null,
"data": "kimiya of 9SG Security Team - kimiya@9sgsec.com",
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
}
],
"trust": 1.3
},
"cve": "CVE-2019-13521",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13521",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-14918",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-145376",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13521",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13521",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13521",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13521",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13521",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2019-13521",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-14918",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201909-367",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145376",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "VULHUB",
"id": "VHN-145376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
},
{
"db": "NVD",
"id": "CVE-2019-13521"
}
]
},
"description": {
"_id": null,
"data": "A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of DOE files. Crafted data in a DOE file can allow execution of arbitrary commands without prompting the user. An attacker can leverage this vulnerability to execute code in the context of the current user",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13521"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
},
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "VULHUB",
"id": "VHN-145376"
}
],
"trust": 2.88
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-13521",
"trust": 3.8
},
{
"db": "ZDI",
"id": "ZDI-19-799",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-05",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8134",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-14918",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145376",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "VULHUB",
"id": "VHN-145376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
},
{
"db": "NVD",
"id": "CVE-2019-13521"
}
]
},
"id": "VAR-202001-0760",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "VULHUB",
"id": "VHN-145376"
}
],
"trust": 1.566666675
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14918"
}
]
},
"last_update_date": "2024-12-17T22:47:16.468000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/global/overview.page"
},
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"title": "Patch for Rockwell Automation Arena Simulation Software code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/206319"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-357",
"trust": 1.0
},
{
"problemtype": "Other (CWE-Other) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
},
{
"db": "NVD",
"id": "CVE-2019-13521"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-799/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13521"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-799"
},
{
"db": "CNVD",
"id": "CNVD-2020-14918"
},
{
"db": "VULHUB",
"id": "VHN-145376"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
},
{
"db": "NVD",
"id": "CVE-2019-13521"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-799",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-14918",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-145376",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014432",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201909-367",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-13521",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-799",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14918",
"ident": null
},
{
"date": "2020-01-27T00:00:00",
"db": "VULHUB",
"id": "VHN-145376",
"ident": null
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014432",
"ident": null
},
{
"date": "2019-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-367",
"ident": null
},
{
"date": "2020-01-27T23:15:10.497000",
"db": "NVD",
"id": "CVE-2019-13521",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-09-09T00:00:00",
"db": "ZDI",
"id": "ZDI-19-799",
"ident": null
},
{
"date": "2020-03-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14918",
"ident": null
},
{
"date": "2020-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-145376",
"ident": null
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014432",
"ident": null
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201909-367",
"ident": null
},
{
"date": "2024-12-17T15:52:01.670000",
"db": "NVD",
"id": "CVE-2019-13521",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Rockwell\u00a0Automation\u00a0Arena\u00a0Simulation\u00a0Software\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014432"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201909-367"
}
],
"trust": 0.6
}
}
VAR-201908-1965
Vulnerability from variot - Updated: 2024-12-17 22:47
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions. The vulnerability stems from network system or product configuration errors during operation.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "arena simulation",
"scope": null,
"trust": 4.2,
"vendor": "rockwell automation",
"version": null
},
{
"_id": null,
"model": "arena",
"scope": "lte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"_id": null,
"model": "arena simulation software",
"scope": "lte",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00"
},
{
"_id": null,
"model": "automation arena simulation software",
"scope": "lte",
"trust": 0.6,
"vendor": "rockwell",
"version": "\u003c=16.00.00"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-695"
},
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
},
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "NVD",
"id": "CVE-2019-13511"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:rockwellautomation:arena_simulation_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
}
]
},
"credits": {
"_id": null,
"data": "kimiya",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
}
],
"trust": 3.5
},
"cve": "CVE-2019-13511",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13511",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-38698",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-145365",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13511",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 3.5,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13511",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-13511",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13511",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "REQUIRED",
"vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2019-13511",
"trust": 3.5,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13511",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2019-13511",
"trust": 0.8,
"value": "Low"
},
{
"author": "ZDI",
"id": "CVE-2019-13511",
"trust": 0.7,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2020-38698",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-146",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-145365",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-695"
},
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
},
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "VULHUB",
"id": "VHN-145365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-146"
},
{
"db": "NVD",
"id": "CVE-2019-13511"
}
]
},
"description": {
"_id": null,
"data": "Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of project files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. 9502-Ax) 16.00.00 and earlier versions. The vulnerability stems from network system or product configuration errors during operation",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13511"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "ZDI",
"id": "ZDI-19-695"
},
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
},
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "VULHUB",
"id": "VHN-145365"
}
],
"trust": 6.03
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-13511",
"trust": 7.3
},
{
"db": "ICS CERT",
"id": "ICSA-19-213-05",
"trust": 2.5
},
{
"db": "ZDI",
"id": "ZDI-20-814",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-813",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-812",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-811",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-20-810",
"trust": 2.4
},
{
"db": "ZDI",
"id": "ZDI-19-695",
"trust": 1.3
},
{
"db": "AUSCERT",
"id": "ESB-2019.2900",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-8014",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10470",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10374",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10373",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10129",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-10186",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-38698",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201908-146",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "47670",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145365",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-695"
},
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
},
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "VULHUB",
"id": "VHN-145365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-146"
},
{
"db": "NVD",
"id": "CVE-2019-13511"
}
]
},
"id": "VAR-201908-1965",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "VULHUB",
"id": "VHN-145365"
}
],
"trust": 1.4333333499999998
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38698"
}
]
},
"last_update_date": "2024-12-17T22:47:16.409000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Rockwell Automation has issued an update to correct this vulnerability.",
"trust": 4.2,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.rockwellautomation.com/"
},
{
"title": "Patch for Rockwell Automation Arena Simulation Software Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225421"
},
{
"title": "Rockwell Automation Arena Simulation Software Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95908"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-695"
},
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
},
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-146"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-416",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "NVD",
"id": "CVE-2019-13511"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 6.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05"
},
{
"trust": 2.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-814/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-810/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-811/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-812/"
},
{
"trust": 1.7,
"url": "https://www.zerodayinitiative.com/advisories/zdi-20-813/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13511"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2900/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13511"
},
{
"trust": 0.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-19-695/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47670"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-19-695"
},
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
},
{
"db": "CNVD",
"id": "CNVD-2020-38698"
},
{
"db": "VULHUB",
"id": "VHN-145365"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-146"
},
{
"db": "NVD",
"id": "CVE-2019-13511"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-19-695",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-814",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-813",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-812",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-811",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-20-810",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2020-38698",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-145365",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008328",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201908-146",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-13511",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-695",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-814",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-813",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-812",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-811",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-810",
"ident": null
},
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38698",
"ident": null
},
{
"date": "2019-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-145365",
"ident": null
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008328",
"ident": null
},
{
"date": "2019-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-146",
"ident": null
},
{
"date": "2019-08-15T19:15:10.950000",
"db": "NVD",
"id": "CVE-2019-13511",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-08-08T00:00:00",
"db": "ZDI",
"id": "ZDI-19-695",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-814",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-813",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-812",
"ident": null
},
{
"date": "2021-06-29T00:00:00",
"db": "ZDI",
"id": "ZDI-20-811",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "ZDI",
"id": "ZDI-20-810",
"ident": null
},
{
"date": "2020-07-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38698",
"ident": null
},
{
"date": "2020-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-145365",
"ident": null
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008328",
"ident": null
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-146",
"ident": null
},
{
"date": "2024-12-17T15:52:51.450000",
"db": "NVD",
"id": "CVE-2019-13511",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-146"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-20-814"
},
{
"db": "ZDI",
"id": "ZDI-20-813"
},
{
"db": "ZDI",
"id": "ZDI-20-812"
},
{
"db": "ZDI",
"id": "ZDI-20-811"
},
{
"db": "ZDI",
"id": "ZDI-20-810"
}
],
"trust": 3.5
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-146"
}
],
"trust": 0.6
}
}
VAR-202310-1098
Vulnerability from variot - Updated: 2024-12-17 22:36
An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat actor could then execute malicious code on the system, affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. An out-of-bounds read vulnerability exists in Rockwell Automation Arena Simulation. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation, an American company, that provides 3D animation and graphics functions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202310-1098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.02"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.20.02"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation rockwell automation arena simulation software",
"scope": null,
"trust": 0.6,
"vendor": "rockwell",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"cve": "CVE-2023-27854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-30639",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2023-27854",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-27854",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2023-27854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2023-27854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2023-27854",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-30639",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute. Rockwell Automation of arena simulation Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation, an American company, that provides 3D animation and graphics functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-27854"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"db": "VULMON",
"id": "CVE-2023-27854"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-27854",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-23-299-04",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU97042094",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-30639",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-27854",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"db": "VULMON",
"id": "CVE-2023-27854"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"id": "VAR-202310-1098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
}
]
},
"last_update_date": "2024-12-17T22:36:40.944000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Arena Simulation Software Buffer Overflow Vulnerability (CNVD-2024-30639)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/565591"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds read (CWE-125) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27854"
},
{
"trust": 1.1,
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97042094/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-04"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"db": "VULMON",
"id": "CVE-2023-27854"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"db": "VULMON",
"id": "CVE-2023-27854"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"date": "2023-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27854"
},
{
"date": "2023-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"date": "2023-10-27T19:15:41.157000",
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-30639"
},
{
"date": "2023-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2023-27854"
},
{
"date": "2023-12-28T04:37:00",
"db": "JVNDB",
"id": "JVNDB-2023-015818"
},
{
"date": "2024-12-17T16:14:05.870000",
"db": "NVD",
"id": "CVE-2023-27854"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0arena\u00a0simulation\u00a0 Out-of-bounds read vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-015818"
}
],
"trust": 0.8
}
}
VAR-202403-2964
Vulnerability from variot - Updated: 2024-12-17 22:36
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. An out-of-bounds write vulnerability exists in Rockwell Automation Arena Simulation. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-2964",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.03"
},
{
"model": "arena",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00 that\u0027s all 16.20.03"
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena simulation software",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"cve": "CVE-2024-21913",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-18332",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-21913",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-21913",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-21913",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-21913",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-21913",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-18332",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Rockwell Automation of arena simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-21913"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "CNVD",
"id": "CNVD-2024-18332"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-21913",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-086-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95922371",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-18332",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"id": "VAR-202403-2964",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
}
],
"trust": 1.33333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
}
]
},
"last_update_date": "2024-12-17T22:36:09.423000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Arena Simulation Software Heap Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/543371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.rockwellautomation.com/en-us/support/advisory.sd-1665.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95922371/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-21913"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"date": "2024-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"date": "2024-03-26T16:15:10.670000",
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-18332"
},
{
"date": "2024-12-10T00:45:00",
"db": "JVNDB",
"id": "JVNDB-2024-014194"
},
{
"date": "2024-12-17T16:16:24.157000",
"db": "NVD",
"id": "CVE-2024-21913"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0arena\u00a0simulation\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014194"
}
],
"trust": 0.8
}
}
VAR-202403-2357
Vulnerability from variot - Updated: 2024-12-17 22:36
A memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. A vulnerability related to the use of freed memory exists in Rockwell Automation Arena Simulation. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-2357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.03"
},
{
"model": "arena",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00 that\u0027s all 16.20.03"
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena simulation software",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"cve": "CVE-2024-21918",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-18333",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-21918",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-21918",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-21918",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-21918",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-21918",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-18333",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Rockwell Automation of arena simulation Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation Arena Simulation Software is a set of simulation software from Rockwell Automation of the United States that provides 3D animation and graphics functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-21918"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "CNVD",
"id": "CNVD-2024-18333"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-21918",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-086-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95922371",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-18333",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"id": "VAR-202403-2357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
}
],
"trust": 1.33333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
}
]
},
"last_update_date": "2024-12-17T22:36:09.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Arena Simulation Software Use-After-Free Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/543376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [ others ]",
"trust": 0.8
},
{
"problemtype": " Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.rockwellautomation.com/en-us/support/advisory.sd-1665.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95922371/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-21918"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"date": "2024-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"date": "2024-03-26T16:15:10.877000",
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-18333"
},
{
"date": "2024-12-10T06:09:00",
"db": "JVNDB",
"id": "JVNDB-2024-014255"
},
{
"date": "2024-12-17T16:15:50.300000",
"db": "NVD",
"id": "CVE-2024-21918"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0arena\u00a0simulation\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014255"
}
],
"trust": 0.8
}
}
VAR-202403-1239
Vulnerability from variot - Updated: 2024-12-17 22:36
An arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Rockwell Automation Arena Simulation contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202403-1239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "arena",
"scope": "lt",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.20.03"
},
{
"model": "arena",
"scope": "gte",
"trust": 1.0,
"vendor": "rockwellautomation",
"version": "16.00.00"
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": "16.00.00 that\u0027s all 16.20.03"
},
{
"model": "arena simulation",
"scope": null,
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "arena simulation",
"scope": "eq",
"trust": 0.8,
"vendor": "rockwell automation",
"version": null
},
{
"model": "automation arena simulation software",
"scope": "eq",
"trust": 0.6,
"vendor": "rockwell",
"version": "16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"cve": "CVE-2024-21912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2024-15539",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "PSIRT@rockwellautomation.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2024-21912",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-21912",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "PSIRT@rockwellautomation.com",
"id": "CVE-2024-21912",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-21912",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2024-21912",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-15539",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\nAn arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor. Rockwell Automation of arena simulation Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-21912"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "CNVD",
"id": "CNVD-2024-15539"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-21912",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-24-086-03",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95922371",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-15539",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"id": "VAR-202403-1239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
}
],
"trust": 1.33333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
}
]
},
"last_update_date": "2024-12-17T22:36:09.347000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Rockwell Automation Arena Simulation Software Arbitrary Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/537521"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [ others ]",
"trust": 0.8
},
{
"problemtype": " Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.rockwellautomation.com/en-us/support/advisory.sd-1665.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95922371/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-21912"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-086-03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"date": "2024-12-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"date": "2024-03-26T16:15:10.440000",
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-15539"
},
{
"date": "2024-12-10T01:29:00",
"db": "JVNDB",
"id": "JVNDB-2024-014202"
},
{
"date": "2024-12-17T16:16:07.373000",
"db": "NVD",
"id": "CVE-2024-21912"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell\u00a0Automation\u00a0 of \u00a0arena\u00a0simulation\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-014202"
}
],
"trust": 0.8
}
}
CVE-2024-2929 (GCVE-0-2024-2929)
Vulnerability from nvd – Published: 2024-03-26 15:56 – Updated: 2024-08-06 18:11
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:41.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation_software",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:09:27.284053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:11:07.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nA memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:56:31.967Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate to v16.20.03 to remediate the issue.\u003c/p\u003e"
}
],
"value": "Update to v16.20.03 to remediate the issue.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted files from unknown sources.\u003c/li\u003e\u003cli\u003eFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability.\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n * Do not open untrusted files from unknown sources.\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-2929",
"datePublished": "2024-03-26T15:56:31.967Z",
"dateReserved": "2024-03-26T15:39:33.119Z",
"dateUpdated": "2024-08-06T18:11:07.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21920 (GCVE-0-2024-21920)
Vulnerability from nvd – Published: 2024-03-26 15:48 – Updated: 2024-08-06 18:02
- CWE-125 - Out-of-bounds Read

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:02:20.851838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:02:34.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:48:59.735Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted files from unknown sources.\u003c/li\u003e\u003cli\u003eFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability.\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n * Do not open untrusted files from unknown sources.\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21920",
"datePublished": "2024-03-26T15:48:59.735Z",
"dateReserved": "2024-01-03T16:40:50.368Z",
"dateUpdated": "2024-08-06T18:02:34.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21919 (GCVE-0-2024-21919)
Vulnerability from nvd – Published: 2024-03-26 15:46 – Updated: 2024-08-02 17:55
- CWE-824 - Access of Uninitialized Pointer

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16.00.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T17:52:56.306084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T17:55:57.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nAn uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:46:38.129Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21919",
"datePublished": "2024-03-26T15:46:38.129Z",
"dateReserved": "2024-01-03T16:40:50.368Z",
"dateUpdated": "2024-08-02T17:55:57.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21918 (GCVE-0-2024-21918)
Vulnerability from nvd – Published: 2024-03-26 15:44 – Updated: 2024-08-06 15:05
- CWE-416 - Use After Free

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16.00.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:03:54.923310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:05:34.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:44:33.835Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21918",
"datePublished": "2024-03-26T15:44:33.835Z",
"dateReserved": "2024-01-03T16:40:50.368Z",
"dateUpdated": "2024-08-06T15:05:34.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21913 (GCVE-0-2024-21913)
Vulnerability from nvd – Published: 2024-03-26 15:38 – Updated: 2024-08-02 20:03
- CWE-122 - Heap-based Buffer Overflow

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation_software",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:31:28.580736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T20:03:36.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nA heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:38:23.962Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21913",
"datePublished": "2024-03-26T15:38:23.962Z",
"dateReserved": "2024-01-03T16:40:50.367Z",
"dateUpdated": "2024-08-02T20:03:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21912 (GCVE-0-2024-21912)
Vulnerability from nvd – Published: 2024-03-26 15:34 – Updated: 2024-08-05 16:44
- CWE-787 - Out-of-bounds Write

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "16.20.03",
"status": "affected",
"version": "16.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:38:18.444663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:44:27.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nAn arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:34:35.837Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation vulnerable to out of bounds write",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21912",
"datePublished": "2024-03-26T15:34:35.837Z",
"dateReserved": "2024-01-03T16:40:50.367Z",
"dateUpdated": "2024-08-05T16:44:27.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27858 (GCVE-0-2023-27858)
Vulnerability from nvd – Published: 2023-10-27 18:58 – Updated: 2024-09-09 19:48
- CWE-824 - Access of Uninitialized Pointer

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: All versions before the 16.20.02 Patch |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "16.20.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T19:47:33.108286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:48:57.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All versions before the 16.20.02 Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "These vulnerabilities were reported to Rockwell Automation by Michael Heinzl"
}
],
"datePublic": "2023-10-27T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u0026nbsp;uninitialized pointer in the application. \u0026nbsp;The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u0026nbsp;The user would need to open a malicious file provided to them by the attacker for the code to execute.\u003c/span\u003e\n\n"
}
],
"value": "\nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u00a0uninitialized pointer in the application. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T18:58:26.703Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpgrade to 16.20.02 which has been patched to mitigate these issues, by referencing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044\"\u003eBF29820 - Patch: ZDI Security Patch \u0026amp; Windows 11 updates , Arena 16.2\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch \u0026 Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena\u00ae Simulation Uninitialized Pointer Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27858",
"datePublished": "2023-10-27T18:58:26.703Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2024-09-09T19:48:57.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27854 (GCVE-0-2023-27854)
Vulnerability from nvd – Published: 2023-10-27 18:51 – Updated: 2024-09-10 14:26
- CWE-125 - Out-of-bounds Read

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: All versions before 16.20.02 Patch |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:25:55.412720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:26:35.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All versions before 16.20.02 Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "These vulnerabilities were reported to Rockwell Automation by Michael Heinzl. "
}
],
"datePublic": "2023-10-27T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u0026nbsp;The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u0026nbsp;The user would need to open a malicious file provided to them by the attacker for the code to execute.\u003c/span\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T18:51:30.505Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpgrade to 16.20.02 which has been patched to mitigate these issues, by referencing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044\"\u003eBF29820 - Patch: ZDI Security Patch \u0026amp; Windows 11 updates , Arena 16.2\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch \u0026 Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena\u00ae Simulation Out of Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27854",
"datePublished": "2023-10-27T18:51:30.505Z",
"dateReserved": "2023-03-06T18:21:21.066Z",
"dateUpdated": "2024-09-10T14:26:35.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2929 (GCVE-0-2024-2929)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:56 – Updated: 2024-08-06 18:11
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:32:41.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation_software:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation_software",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:09:27.284053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:11:07.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nA memory corruption vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:56:31.967Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate to v16.20.03 to remediate the issue.\u003c/p\u003e"
}
],
"value": "Update to v16.20.03 to remediate the issue.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted files from unknown sources.\u003c/li\u003e\u003cli\u003eFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability.\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n * Do not open untrusted files from unknown sources.\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-2929",
"datePublished": "2024-03-26T15:56:31.967Z",
"dateReserved": "2024-03-26T15:39:33.119Z",
"dateUpdated": "2024-08-06T18:11:07.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21920 (GCVE-0-2024-21920)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:48 – Updated: 2024-08-06 18:02
- CWE-125 - Out-of-bounds Read

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.484Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T18:02:20.851838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T18:02:34.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nA memory buffer vulnerability in Rockwell Automation Arena Simulation could potentially let a threat actor read beyond the intended memory boundaries. This could reveal sensitive information and even cause the application to crash, resulting in a denial-of-service condition. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:48:59.735Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eDo not open untrusted files from unknown sources.\u003c/li\u003e\u003cli\u003eFor information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight\"\u003esecurity best practices\u003c/a\u003e\u0026nbsp;to minimize the risk of the vulnerability.\u003c/li\u003e\u003c/ul\u003e\n\n"
}
],
"value": "\n * Do not open untrusted files from unknown sources.\n * For information on how to mitigate Security Risks on industrial automation control systems, we encourage customers to implement our suggested security best practices https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012/loc/en_US#__highlight \u00a0to minimize the risk of the vulnerability.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21920",
"datePublished": "2024-03-26T15:48:59.735Z",
"dateReserved": "2024-01-03T16:40:50.368Z",
"dateUpdated": "2024-08-06T18:02:34.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21919 (GCVE-0-2024-21919)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:46 – Updated: 2024-08-02 17:55
- CWE-824 - Access of Uninitialized Pointer

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16.00.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T17:52:56.306084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T17:55:57.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nAn uninitialized pointer in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by leveraging the pointer after it is properly. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:46:38.129Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21919",
"datePublished": "2024-03-26T15:46:38.129Z",
"dateReserved": "2024-01-03T16:40:50.368Z",
"dateUpdated": "2024-08-02T17:55:57.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21918 (GCVE-0-2024-21918)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:44 – Updated: 2024-08-06 15:05
- CWE-416 - Use After Free

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16.00.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T15:03:54.923310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T15:05:34.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nA memory buffer vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code to the software by corrupting the memory and triggering an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:44:33.835Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21918",
"datePublished": "2024-03-26T15:44:33.835Z",
"dateReserved": "2024-01-03T16:40:50.368Z",
"dateUpdated": "2024-08-06T15:05:34.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21913 (GCVE-0-2024-21913)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:38 – Updated: 2024-08-02 20:03
- CWE-122 - Heap-based Buffer Overflow

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation_software",
"vendor": "rockwellautomation",
"versions": [
{
"lessThanOrEqual": "16.20.02",
"status": "affected",
"version": "16.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:31:28.580736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T20:03:36.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nA heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:38:23.962Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation Vulnerable To Memory Corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21913",
"datePublished": "2024-03-26T15:38:23.962Z",
"dateReserved": "2024-01-03T16:40:50.367Z",
"dateUpdated": "2024-08-02T20:03:36.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21912 (GCVE-0-2024-21912)
Vulnerability from cvelistv5 – Published: 2024-03-26 15:34 – Updated: 2024-08-05 16:44
- CWE-787 - Out-of-bounds Write

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: Version 16.00 - 16.20.02 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:16.00.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "16.20.03",
"status": "affected",
"version": "16.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:38:18.444663Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:44:27.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 16.00 - 16.20.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl"
}
],
"datePublic": "2024-03-26T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\u003c/span\u003e\n\n"
}
],
"value": "\nAn arbitrary code execution vulnerability in Rockwell Automation Arena Simulation could let a malicious user insert unauthorized code into the software. This is done by writing beyond the designated memory area, which causes an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threat actor.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T15:34:35.837Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/support/advisory.SD-1665.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to v16.20.03"
}
],
"value": "Update to v16.20.03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena Simulation vulnerable to out of bounds write",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2024-21912",
"datePublished": "2024-03-26T15:34:35.837Z",
"dateReserved": "2024-01-03T16:40:50.367Z",
"dateUpdated": "2024-08-05T16:44:27.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27858 (GCVE-0-2023-27858)
Vulnerability from cvelistv5 – Published: 2023-10-27 18:58 – Updated: 2024-09-09 19:48
- CWE-824 - Access of Uninitialized Pointer

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: All versions before the 16.20.02 Patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rockwellautomation:arena_simulation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "arena_simulation",
"vendor": "rockwellautomation",
"versions": [
{
"lessThan": "16.20.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27858",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T19:47:33.108286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T19:48:57.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All versions before the 16.20.02 Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "These vulnerabilities were reported to Rockwell Automation by Michael Heinzl"
}
],
"datePublic": "2023-10-27T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u0026nbsp;uninitialized pointer in the application. \u0026nbsp;The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u0026nbsp;The user would need to open a malicious file provided to them by the attacker for the code to execute.\u003c/span\u003e\n\n"
}
],
"value": "\nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u00a0uninitialized pointer in the application. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T18:58:26.703Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpgrade to 16.20.02 which has been patched to mitigate these issues, by referencing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044\"\u003eBF29820 - Patch: ZDI Security Patch \u0026amp; Windows 11 updates , Arena 16.2\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch \u0026 Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena\u00ae Simulation Uninitialized Pointer Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27858",
"datePublished": "2023-10-27T18:58:26.703Z",
"dateReserved": "2023-03-06T18:21:21.067Z",
"dateUpdated": "2024-09-09T19:48:57.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27854 (GCVE-0-2023-27854)
Vulnerability from cvelistv5 – Published: 2023-10-27 18:51 – Updated: 2024-09-10 14:26
- CWE-125 - Out-of-bounds Read

| Vendor | Product | Version |
|---|---|---|
| Rockwell Automation | Arena Simulation | Affected: All versions before 16.20.02 Patch |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:25:55.412720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:26:35.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Arena Simulation",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "All versions before 16.20.02 Patch"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "These vulnerabilities were reported to Rockwell Automation by Michael Heinzl. "
}
],
"datePublic": "2023-10-27T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u0026nbsp;The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u0026nbsp;The user would need to open a malicious file provided to them by the attacker for the code to execute.\u003c/span\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T18:51:30.505Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cul\u003e\u003cli\u003eUpgrade to 16.20.02 which has been patched to mitigate these issues, by referencing \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044\"\u003eBF29820 - Patch: ZDI Security Patch \u0026amp; Windows 11 updates , Arena 16.2\u003c/a\u003e.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n * Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch \u0026 Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .\n\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rockwell Automation Arena\u00ae Simulation Out of Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2023-27854",
"datePublished": "2023-10-27T18:51:30.505Z",
"dateReserved": "2023-03-06T18:21:21.066Z",
"dateUpdated": "2024-09-10T14:26:35.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}