PT-2019-13392 · Rockwell Automation · Arena Simulation

Kimiya · Published 2019-09-24 · Updated 2024-12-17 · CVE-2019-13527

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rockwell Automation Arena Simulation Software Cat. 9502-Ax versions 16.00.00 and earlier

Description

A maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized, potentially leading to remote code execution. The issue is related to the parsing of Arena Simulation DOE files.

Recommendations

For versions 16.00.00 and earlier, update to a version later than 16.00.00 to resolve the issue. As a temporary workaround, consider avoiding the use of potentially malicious Arena files until a patch is available. Restrict access to untrusted Arena files to minimize the risk of exploitation.

Fix

Weakness Enumeration

Access of Uninitialized Pointer

Related Identifiers

CVE-2019-13527
ZDI-19-993

Affected Products

Arena Simulation