Vulnerability Details CVE-2011-2530
Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194
- http://www.kb.cert.org/vuls/id/127584
- http://www.kb.cert.org/vuls/id/MAPG-8G9PWX
- http://www.securityfocus.com/bid/48092
- http://rockwellautomation.custhelp.com/app/answers/detail/a_id/279194
- http://www.kb.cert.org/vuls/id/127584
- http://www.kb.cert.org/vuls/id/MAPG-8G9PWX
- http://www.securityfocus.com/bid/48092
Products affected by CVE-2011-2530
-
cpe:2.3:a:rockwellautomation:eds_hardware_installation_tool:-
-
cpe:2.3:a:rockwellautomation:eds_hardware_installation_tool:1.0.5.1
-
cpe:2.3:a:rockwellautomation:rslinx:2.10.18
-
cpe:2.3:a:rockwellautomation:rslinx:2.20.02
-
cpe:2.3:a:rockwellautomation:rslinx:2.43.01
-
cpe:2.3:a:rockwellautomation:rslinx:2.50.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.51.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.52.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.53.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.54.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.55.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.56.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.57.00
-
cpe:2.3:a:rockwellautomation:rslinx:2.57.00.14