CyberNews Briefs

Hackers Can Target Rockwell Industrial Software With Malicious EDS Files

Two vulnerabilities found by cybersecurity firm Claroty have been patched recently by Rockwell Automation. The flaws are related to Electronic Data Sheet (EDS) files and can allow for malicious actors to expand access within a target’s OT network. Earlier this week, advisories for the vulnerabilities were published by Rockwell and the United States Cybersecurity and Infrastructure Security Agency (CISA).

The first flaw, CVE-2020-12034, allows for DoS attacks and SQL injection while the second, CVE-2020-12038, lets hackers trigger a DoS condition. Claroty cybersecurity experts found that attackers could create EDS files that eventually allowed the threat actors to write or manipulate files on the system through a DoS condition.

Read More: Hackers Can Target Rockwell Industrial Software With Malicious EDS Files

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.