OVERVIEW
A buffer overflow vulnerability exists in the Rockwell Automation RSLinx Classic EDS Hardware Installation Tool (RSHWare.exe). This vulnerability is likely exploitable; however, significant user interaction would be required.

AFFECTED PRODUCTS
EDS Hardware Installation Tool Version 1.0.5.1 and earlier.

IMPACT
ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization.

BACKGROUND
Rockwell Automation provides industrial automation control and information products worldwide across a wide range of industries. RSLinx provides connectivity to plant floor devices for Rockwell software applications. To register a device on the network, product-specific information must be supplied via an Electronic Data Sheet (EDS) file.

VULNERABILITY CHARACTERIZATION
The CVSS impact subscore for this vulnerability, as calculated by ICS-CERT, is high (10) because successfully exploiting this vulnerability would allow an attacker to run arbitrary code on the target machine. However, the exploitability subscore is low (3.2) because of the difficulty of exploiting this vulnerability.
Shorthand CVSS Scoring Notation: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:C

EXPLOITABILITY
The exploit is only triggered when a local user runs the vulnerable application and loads the malformed EDS file. An attacker cannot initiate the exploit from a remote machine. This vulnerability is likely exploitable; however, it is not possible without user interaction.

EXISTENCE OF EXPLOIT
There are currently no known exploits specifically targeting this vulnerability.

DIFFICULTY
Crafting a working exploit for this vulnerability would be difficult. Additional user interaction is needed to load the malformed file. Social engineering is required to convince the user to accept the malformed EDS file.

I am scared to try this anymore via serial, as in my research I keep seeing the word BRICK. I have powered down to reset the PLC and still nothing. I get the version number when I play around in RSLogix: I do a Who Active on the device and then Upload, and it tells me that the firmware in this device contains version 19.22 and RSLogix support for this version is not installed (because it's a demo version).
I wanted to get the driver installed in #1 so that I can attempt this again via Ethernet, but it still says V19.11. As far as the firmware, yes, it takes over an hour to re-download via serial, and yes, I have done it already. I don't know if this is caused because it is the LITE version.
There are about 15 other drivers in the list, and the only ones that mention or hint at Ethernet are "Ethernet to PLC 5/SLC5/5820-EI", "DeviceNet Drivers" and "Remote Devices via Linx or 1756-ENET Gateway". I have already uninstalled both RSLogix and Linx and reinstalled them with the same result.