23 Jul 2024


Rockwell patch fixes potential security problem

Rockwell Automation has issued a software patch to fix a potential security vulnerability in its Electronic Data Sheet (EDS) Hardware Installation Tool, which comes bundled with RSLinx Classic, a product it describes as the most widely installed communication server for automation.

An attacker could exploit the vulnerability by tricking a user into opening an EDS file designed to cause the installation tool to crash, leading to the possible execution of arbitrary code which could subvert other security services.

The US Government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) says that the buffer overflow vulnerability is “likely exploitable”, but adds that it would require “significant user interaction”. Attackers cannot initiate an exploit from a remote machine, and the exploit is triggered only when a local user runs the vulnerable application and loads the malformed EDS file.

ICS-CERT is not aware of any exploits specifically targeting the vulnerability. “Crafting a working exploit for this vulnerability would be difficult,” it says. “Social engineering is required to convince the user to accept the malformed EDS file. Additional user interaction is needed to load the malformed file. This decreases the likelihood of a successful exploit.”

Rockwell’s patch (Patch Aid 276774) can be downloaded from its Web site by registered users. It has been verified by the CERT Coordination Center, which originally identified the vulnerability.

Rockwell also recommends that concerned users take the following steps to mitigate the risk associated with the vulnerability:
•  restrict physical access to any computer running the software tool;
•  establish policies and procedures so that only authorised personnel have administrative rights on the computer; and
•  obtain EDS product files only from trusted sources, such as product vendors.

RSLinx Classic provides plant-floor device connections for a variety of Rockwell Software applications, including RSLogix 5/500/5000 and RSView32. It also provides open interfaces for third-party HMI, data collection and analysis packages, and custom client applications.

The vulnerability affects all versions of the EDS Hardware Installation Tool up to The tool is designed to parse EDS files containing product-specific information used to register a device on a network.