PT-2011-3917 · Rockwell Automation · Eds Hardware Installation Tool+1

Michael Orlando · Published 2011-06-22 · Updated 2018-04-10 · CVE-2011-2530

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
RSLinx Classic versions 2.57 and earlier
EDS Hardware Installation Tool version 1.0.5.1 and earlier

Description
The issue is related to a buffer overflow in the RSEds.dll component of the EDS Hardware Installation Tool and RSHWare.exe in RSLinx Classic. This can be triggered by a malformed .eds file, potentially allowing user-assisted remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code.

Recommendations
For RSLinx Classic versions 2.57 and earlier, update to version 2.58 or later.
For EDS Hardware Installation Tool version 1.0.5.1 and earlier, consider avoiding the use of malformed .eds files until a patch is available.
As a temporary workaround, consider restricting access to the RSEds.dll component to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2011-2530

Affected Products

Eds Hardware Installation Tool
Rslinx Classic