Loading

PN646 | RSLinx Classic™ EDS Wizard Buffer Overflow Vulnerability - May 24, 2011

Severity:
Critical
Advisory ID:
PN646
게시한 날짜:
May 24, 2011
최근 업데이트:
May 24, 2011
Revision Number:
1.0
Known Exploited Vulnerability (KEV):
아니요
Corrected:
아니요
Workaround:
아니요
요약
RSLinx Classic™ EDS Wizard Buffer Overflow Vulnerability - May 24, 2011

Introduction

RSLinx Classic™ EDS Wizard Buffer Overflow Vulnerability

May 24, 2011

Description

Rockwell Automation has investigated a reported buffer overflow vulnerability in RSLinx Classic™ and has determined the following:

· The reported vulnerability was not in RSLinx Classic, but in a separate isolated executable, EDS Hardware Installation Tool (RSHWare.exe), which is installed by RSLinx Classic. This executable file is normally launched from the following menu location:

Rockwell Software RSLinx Tools EDS Hardware Installation Tool

· The reported vulnerability requires an authorized administrator to run the EDS Hardware Installation Tool after gaining physical access to the computer in order to load an improperly formatted EDS file.

· The reported vulnerability has no effect on RSLinx Classic’s intended operation, which is to allow client applications to communicate with controllers and/or other automation devices.

· A successful exploit of this vulnerability could allow an attacker to run arbitrary code on the target PC.

Customers who are concerned about this reported vulnerability should recognize that to exploit it would require gaining physical access to the target computer, a user with administrator privileges and execution of the EDS Hardware Installation Tool in order to load an improperly formatted EDSfile.

Given the details above, it is highly unlikely that an attacker would use the EDS Hardware Installation Tool to launch a malicious attack.

The reported vulnerability is present in version 1.0.5.1 and earlier versions of the EDS Hardware Installation Tool (RSHWare.exe). To determine the version installed, locate RSHWare.exe, right-click and select properties. Select the properties "Version" tab to view the file version.

Rockwell Automation recommends concerned customers take the following immediate steps to mitigate risk associated with the reported vulnerability:

1. Restrict physical access to the computer.

2. Establish policies and procedures such that only authorized individuals have administrative rights on the computer.

3. Obtain product EDS files from trusted sources (e.g. product vendor)

4. Apply the Rockwell Automation issued Patch

Rockwell Automation has issued a software patch for the EDS Hardware Installation Tool that addresses this buffer overflow vulnerability. When applied, the patch replaces the RSEds.dll file with the modified version. Future releases of RSLinx Classic, starting with version 2.58 will include this modified version of the required files.

Rockwell Automation is committed to making additional security enhancements to our systems in the future.

For more information and for assistance with assessing the state of security of your existing controls system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.

KCS Status

Released

Rockwell Automation Home
Copyright ©2022 Rockwell Automation, Inc.
  1. Chevron LeftChevron Left Rockwell Automation 홈
  2. Chevron LeftChevron Left Trust Center
  3. Chevron LeftChevron Left Industrial Security Adv
  4. Chevron LeftChevron Left Industrial Security Advisory Detail
계속 진행하기 위해 쿠키 설정을 업데이트하십시오..
この機能には、お客様の利便性を向上させるためにクッキーが必要です。これらのクッキーを許可するように設定を更新してください:
  • 소셜 미디어 쿠키
  • 기능 쿠키
  • 성능 쿠키
  • 마케팅 쿠키
  • 모든 쿠키
귀하는 쿠키 설정을 언제든지 변경할 수 있습니다. 자세한 내용은 이곳에서 확인하십시오. {0} 개인 정보 보호 정책
CloseClose