CVE-2019-13511 — LOW (3.3) — White Hats Nepal

Q: How severe is CVE-2019-13511?

CVE-2019-13511 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-13511?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Arena.

Vulnerability Description

Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Rockwellautomation	Arena	<= 16.00.00

Related Weaknesses (CWE)

CWE-416 CWE-200

References

https://www.us-cert.gov/ics/advisories/icsa-19-213-05MitigationThird Party AdvisoryUS Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-810/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-811/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-812/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-813/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-814/Third Party AdvisoryVDB Entry
https://www.us-cert.gov/ics/advisories/icsa-19-213-05MitigationThird Party AdvisoryUS Government Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-810/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-811/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-812/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-813/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-814/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2019-13511?

CVE-2019-13511 is a vulnerability with a CVSS score of 3.3 (LOW). Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the l...

How severe is CVE-2019-13511?

CVE-2019-13511 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13511?

Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Arena.