PT-2011-3917 · Rockwell Automation · Eds Hardware Installation Tool, Rslinx Classic
Michael Orlando · Published 2011-06-22 · Updated 2018-04-10 · CVE-2011-2530
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
RSLinx Classic versions 2.57 and earlier
EDS Hardware Installation Tool version 1.0.5.1 and earlier
Description
A buffer overflow exists in the RSEds.dll component of the EDS Hardware Installation Tool and in RSHWare.exe in RSLinx Classic. A malformed .eds file can trigger it, potentially allowing user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
Recommendations
For RSLinx Classic versions 2.57 and earlier, update to version 2.58 or later.
For EDS Hardware Installation Tool version 1.0.5.1 and earlier, consider avoiding the use of malformed .eds files until a patch is available.
As a temporary workaround, consider restricting access to the RSEds.dll component to minimize the risk of exploitation.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Eds Hardware Installation Tool
Rslinx Classic