2112 matches found
PT-2019-13387 · Rockwell Automation · Arena Simulation
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier Description: A maliciously crafted program file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
Rockwell Automation Arena Simulation DOE File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Rockwell Automation Arena Simulation DOE File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
New 4CAN tool helps identify vulnerabilities in on-board car computers
By Alex DeTrano, Jason Royes, and Matthew Valites. Executive summary Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global...
Rockwell Automation Arena Simulation Software Information Disclosure Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. An information disclosure vulnerability exists in Rockwell Automation Arena Simulation Software for Manufacturing Cat. 9502-Ax versions...
CVE-2019-13510
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code...
Design/Logic Flaw
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code...
Design/Logic Flaw
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
CVE-2019-13510
CVE-2019-13510 affects Rockwell Automation Arena Simulation Software up to version 16.00.00. The connected sources indicate a USE AFTER FREE (CWE-416) in Arena files opened by a user, which can cause the application to crash or, in the worst case, execute arbitrary code. The vulnerability impact ...
CVE-2019-13510
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code...
CVE-2019-13511
CVE-2019-13511 affects Rockwell Automation Arena Simulation Software up to version 16.00.00. ZDI advisories describe use-after-free vulnerabilities in DOE file parsing (and related project file handling) that allow remote code execution when a user opens a malicious file or visits a malicious pag...
CVE-2019-13511
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
UPDATE: Infection Monkey 1.6.3
PenTestIT RSS Feed Some days ago, Infection Monkey 1.6.3 was released. The first post about this tool can be found in a post titled the List of Adversary Emulation Tools. This is a small bugfix release, mostly around integration and packaging. It contains two user facing changes as well. What is...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
PT-2019-13377 · Rockwell Automation · Arena Simulation
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier Description: The issue allows for limited exposure of information related to the targeted workstation when a maliciously crafted Arena file is opened by an unsuspecti...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
PT-2019-13376 · Rockwell Automation · Arena Simulation
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier Description: The issue is related to a USE AFTER FREE condition, which can be triggered by opening a maliciously crafted Arena file. This may cause the application to...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...