Introduction
RSLinx Classic™ EDS Wizard Buffer Overflow Vulnerability
March 3, 2010
Description
Rockwell Automation has investigated a reported buffer overflow vulnerability in RSLinx Classic™ and has determined the following:
· The reported vulnerability was not in RSLinx Classic, but in a separate isolated executable, EDS Hardware Installation Tool (RSHWare.exe), which is installed by RSLinx Classic. This executable file is normally launched from the following menu location:
Rockwell Software RSLinx Tools EDS Hardware Installation Tool
· The reported vulnerability requires an authorized administrator to run the EDS Hardware Installation Tool after gaining physical access to the computer in order to load an improperly formatted EDS file.
· The reported vulnerability has no effect on RSLinx Classic’s intended operation, which is to allow client applications to communicate with controllers and/or other automation devices.
· A successful exploit of this vulnerability could allow an attacker to run arbitrary code on the target PC.
Customers who are concerned about this reported vulnerability should recognize that to exploit it would require gaining physical access to the target computer, a user with administrator privileges and execution of the EDS Hardware Installation Tool in order to load an improperly formatted EDSfile.
Given the details above, it is highly unlikely that an attacker would use the EDS Hardware Installation Tool to launch a malicious attack.
The reported vulnerability is present in version 1.0.5.1 and earlier versions of the EDS Hardware Installation Tool (RSHWare.exe). To determine the version installed, locate RSHWare.exe, right-click and select properties. Select the properties "Version" tab to view the file version.
Rockwell Automation recommends concerned customers take the following immediate steps to mitigate risk associated with the reported vulnerability:
1. Restrict physical access to the computer.
2. Establish policies and procedures such that only authorized individuals have administrative rights on the computer.
3. Obtain product EDS files from trusted sources (e.g. product vendor)
4. Apply the Rockwell Automation issued Patch Aid 68053
Rockwell Automation has issued a software patch for the EDS Hardware Installation Tool that addresses this buffer overflow vulnerability. When applied, the patch replaces the RSEds.dll file with the modified version 4.0.1.157. Future releases of RSLinx Classic, starting with version 2.57, will include this modified version of the RSEds.dll.
Rockwell Automation is committed to making additional security enhancements to our systems in the future.
For more information and for assistance with assessing the state of security of your existing controls system, including improving your system-level security when using Rockwell Automation and other vendor controls products, you can visit the Rockwell Automation Security Solutions web site at http://www.rockwellautomation.com/solutions/security.