Vulnerability Description
Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rockwellautomation | Rslinx | < 2.58 |
| Rockwellautomation | Eds Hardware Installation Tool | <= 1.0.5.1 |
Related Weaknesses (CWE)
References
- http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194Permissions Required
- http://www.kb.cert.org/vuls/id/127584US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8G9PWXUS Government Resource
- http://www.securityfocus.com/bid/48092Third Party AdvisoryVDB Entry
- http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194Permissions Required
- http://www.kb.cert.org/vuls/id/127584US Government Resource
- http://www.kb.cert.org/vuls/id/MAPG-8G9PWXUS Government Resource
- http://www.securityfocus.com/bid/48092Third Party AdvisoryVDB Entry
FAQ
What is CVE-2011-2530?
CVE-2011-2530 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a...
How severe is CVE-2011-2530?
CVE-2011-2530 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2530?
Check the references section above for vendor advisories and patch information. Affected products include: Rockwellautomation Rslinx, Rockwellautomation Eds Hardware Installation Tool.