Hackers Can Target Rockwell Industrial Software With Malicious EDS Files

Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization’s OT network.


The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty. Rockwell Automation and the United States Cybersecurity and Infrastructure Security Agency (CISA) published advisories for the vulnerabilities this week.


The security holes are related to the Electronic Data Sheet (EDS) subsystem used by some Rockwell products. An EDS file contains a device’s configuration data and it’s used by network management tools for identification and commissioning purposes.


Claroty researchers discovered that attackers could create special EDS files that would allow them to cause a denial-of-service (DoS) condition or to inject SQL queries in an effort to write or manipulate files on the system.


Rockwell Automation tracks the flaws as CVE-2020-12034, which allows DoS attacks and SQL injection, and CVE-2020-12038, which allows hackers to trigger a DoS condition. According to the vendor, the security holes impact FactoryTalk Linx (previously named RSLinx Enterprise), RSLinx Classic, RSNetWorx, and Studio 5000 Logix Designer.


Sharon Brizinov, principal vulnerability researcher at Claroty, one of the people involved in the discovery of the flaws, said their findings are related to the way the EDS subsystem parses the content of EDS files.


“We were able to create a malicious EDS file so that upon being parsed by Rockwell's software, a Windows batch file will be written to an arbitrary path, including the startup directory, which can lead to code execution upon restart,” Brizinov told SecurityWeek.


Brizinov explained, “EDS files are simple text files used by various network configuration tools to help identif ..