Skip to content

A maliciously crafted program file opened by an...

Moderate severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Dec 17, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities.

References

Published by the National Vulnerability Database Jan 27, 2020
Published to the GitHub Advisory Database May 24, 2022
Last updated Dec 17, 2024

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(3rd percentile)

Weaknesses

Insufficient UI Warning of Dangerous Operations

The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention. Learn more on MITRE.

CVE ID

CVE-2019-13521

GHSA ID

GHSA-rr25-rmv3-92rm

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.