Rockwell Automation RSLinx Classic < 2.58 DOS

critical Nessus Network Monitor Plugin ID 720178

Synopsis

Rockwell Automation RSLinx Classic version < 2.58 allows user-assisted remote attackers to cause a denial of service.

Description

Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194

http://www.kb.cert.org/vuls/id/127584

Plugin Details

Severity: Critical

ID: 720178

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 6/22/2011

Vulnerability Publication Date: 6/22/2011

Reference Information

CVE: CVE-2011-2530

BID: 48092