Rockwell Automation RSLinx Classic EDS Hardware Installation Tool contains a buffer overflow vulnerability.
According to Rockwell Automation's website: RSLinx Classic provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix™ 5/500/5000 and RSView32. The EDS Hardware Installation Tool (RSHWare.exe) that comes bundled with RSLinx Classic contains a buffer overflow vulnerability that is triggered when it parses improperly formatted EDS files.
An attacker could exploit the vulnerability by tricking a user into opening a crafted .eds file, causing the EDS Hardware Installation Tool to crash and possibly leading to execution of arbitrary code.
Apply an Update
According to Rockwell Automation's security advisory:
This vulnerability is present in version 18.104.22.168 and earlier versions of the EDS Hardware Installation Tool (RSHWare.exe).
This vulnerability was found by Rockwell Automation's internal team and additionally by Michael Orlando working for CERT/CC.
This document was written by Michael Orlando.
Date First Published: 2011-06-02
Date Last Updated: 2011-08-18 14:25 UTC