Hackers Can Target Rockwell Industrial Software With Malicious EDS Files
Rockwell Automation recently patched two vulnerabilities found by cybersecurity firm Claroty. The flaws are related to Electronic Data Sheet (EDS) files and can allow malicious actors to expand access within a target’s OT network. Earlier this week, Rockwell and the United States Cybersecurity and Infrastructure Security Agency (CISA) published advisories for the vulnerabilities.
The first flaw, CVE-2020-12034, allows denial-of-service (DoS) attacks and SQL injection, while the second, CVE-2020-12038, lets hackers trigger a DoS condition. Claroty cybersecurity experts found that attackers could create EDS files that eventually allowed them to write or manipulate files on the system through a DoS condition.