
PN646 | RSLinx Classic™ EDS Wizard Buffer Overflow Vulnerability - May 24, 2011

Severity: Critical
Advisory ID: PN646
Published Date: May 24, 2011
Last Updated: May 24, 2011
Revision Number: 1.0
Known Exploited Vulnerability (KEV): No
Corrected: No
Workaround: No
Summary
RSLinx Classic™ EDS Wizard Buffer Overflow Vulnerability - May 24, 2011

Description

Rockwell Automation has investigated a reported buffer overflow vulnerability in RSLinx Classic™ and has determined the following:

· The reported vulnerability was not in RSLinx Classic, but in a separate isolated executable, EDS Hardware Installation Tool (RSHWare.exe), which is installed by RSLinx Classic. This executable file is normally launched from the following menu location:

Rockwell Software > RSLinx > Tools > EDS Hardware Installation Tool

· The reported vulnerability requires an authorized administrator to run the EDS Hardware Installation Tool after gaining physical access to the computer in order to load an improperly formatted EDS file.

· The reported vulnerability has no effect on RSLinx Classic’s intended operation, which is to allow client applications to communicate with controllers and/or other automation devices.

· A successful exploit of this vulnerability could allow an attacker to run arbitrary code on the target PC.

Customers who are concerned about this reported vulnerability should recognize that exploiting it would require physical access to the target computer, a user with administrator privileges, and execution of the EDS Hardware Installation Tool in order to load an improperly formatted EDS file.

Given the details above, it is highly unlikely that an attacker would use the EDS Hardware Installation Tool to launch a malicious attack.

The reported vulnerability is present in version 1.0.5.1 and earlier versions of the EDS Hardware Installation Tool (RSHWare.exe). To determine the version installed, locate RSHWare.exe, right-click it and select Properties, then open the "Version" tab of the Properties dialog to view the file version.
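The same version check can be scripted for an inventory of engineering workstations. The following is an added example, not Rockwell Automation code; it assumes RSHWare.exe lives under one of the Program Files directories and that RSEds.dll sits beside it, neither of which the advisory states.

```powershell
# Added example: flag installs of the EDS Hardware Installation Tool at or
# below the last affected version named in advisory PN646.
# Assumption: search roots are the Program Files directories (not from the advisory).
param(
    [string[]]$SearchRoot = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
)

$LastAffected = [version]'1.0.5.1'   # "version 1.0.5.1 and earlier" per PN646

function Get-NumericFileVersion {
    param([string]$Path)
    # Build the version from the numeric fields; the FileVersion string
    # may contain free text that does not parse as a version.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    New-Object System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

# Drop empty or missing roots (ProgramFiles(x86) is unset on 32-bit Windows).
$roots = @($SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
           Select-Object -Unique)
if ($roots.Count -eq 0) { Write-Warning 'No valid search roots.'; return }

$found = @(Get-ChildItem -Path $roots -Filter 'RSHWare.exe' -File -Recurse `
           -ErrorAction SilentlyContinue)
if ($found.Count -eq 0) { Write-Output 'RSHWare.exe not found.'; return }

foreach ($exe in $found) {
    $ver = Get-NumericFileVersion -Path $exe.FullName
    # RSEds.dll is the file the patch replaces; record what is on disk.
    # Assumption: it is in the same directory as RSHWare.exe.
    $dll = Get-ChildItem -Path $exe.DirectoryName -Filter 'RSEds.dll' -File `
           -ErrorAction SilentlyContinue | Select-Object -First 1

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Path            = $exe.FullName
        RSHWareVersion  = $ver
        AtOrBelowLimit  = ($ver -le $LastAffected)
        RSEdsDllVersion = if ($dll) { Get-NumericFileVersion -Path $dll.FullName } else { $null }
        RSEdsDllSha256  = if ($dll) { (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash } else { $null }
        RSEdsDllWritten = if ($dll) { $dll.LastWriteTimeUtc } else { $null }
    }
}
```

The advisory does not give the version of the patched RSEds.dll, so compare the reported DLL version and hash against the copy shipped in the patch to confirm it was applied.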

Rockwell Automation recommends concerned customers take the following immediate steps to mitigate risk associated with the reported vulnerability:

1. Restrict physical access to the computer.

2. Establish policies and procedures such that only authorized individuals have administrative rights on the computer.

3. Obtain product EDS files from trusted sources (e.g. product vendor).

4. Apply the Rockwell Automation issued patch.

Rockwell Automation has issued a software patch for the EDS Hardware Installation Tool that addresses this buffer overflow vulnerability. When applied, the patch replaces the RSEds.dll file with the modified version. Future releases of RSLinx Classic, starting with version 2.58, will include this modified version of the required files.

Rockwell Automation is committed to making additional security enhancements to our systems in the future.

For more information, and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using Rockwell Automation and other vendors' control products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.

KCS Status

Released
