"Hackers Can Target Rockwell Industrial Software With Malicious EDS Files"

Rockwell Automation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published advisories about vulnerabilities associated with the Electronic Data Sheet (EDS) subsystem discovered by researchers at the industrial cybersecurity firm Claroty. An EDS file holds configuration data for a device. Network management tools use EDS files for identification and commissioning. According to the Claroty researchers, the security flaws they found could be exploited by hackers to launch denial-of-service (DoS) attacks and execute malicious SQL statements. These attacks can allow hackers to write or manipulate files. The vulnerabilities impact FactoryTalk Linx, RSLinx Classic, RSNetWorx, and Studio 5000 Logix Designer. This article continues to discuss the security holes that hackers can abuse to target Rockwell industrial software. 

Security Week reports "Hackers Can Target Rockwell Industrial Software With Malicious EDS Files"