CVE-2019-13511

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
rockwellautomationarena
𝑥
≤ 16.00.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.us-cert.gov/ics/advisories/icsa-19-213-05
https://www.zerodayinitiative.com/advisories/ZDI-20-810/
https://www.zerodayinitiative.com/advisories/ZDI-20-811/
https://www.zerodayinitiative.com/advisories/ZDI-20-812/
https://www.zerodayinitiative.com/advisories/ZDI-20-813/
https://www.zerodayinitiative.com/advisories/ZDI-20-814/
https://www.us-cert.gov/ics/advisories/icsa-19-213-05
https://www.zerodayinitiative.com/advisories/ZDI-20-810/
https://www.zerodayinitiative.com/advisories/ZDI-20-811/
https://www.zerodayinitiative.com/advisories/ZDI-20-812/
https://www.zerodayinitiative.com/advisories/ZDI-20-813/
https://www.zerodayinitiative.com/advisories/ZDI-20-814/