Security News > 2020 > May > Hackers Can Target Rockwell Industrial Software With Malicious EDS Files
Rockwell Automation recently patched two vulnerabilities related to EDS files that can allow malicious actors to expand their access within a targeted organization's OT network.
Claroty researchers discovered that attackers could create special EDS files that would allow them to cause a denial-of-service condition or to inject SQL queries in an effort to write or manipulate files on the system.
Sharon Brizinov, principal vulnerability researcher at Claroty, one of the people involved in the discovery of the flaws, said their findings are related to the way the EDS subsystem parses the content of EDS files.
Brizinov explained, "EDS files are simple text files used by various network configuration tools to help identify products and easily commission them on a network. This means when Rockwell's software connects to a new type of device, it will read and parse the EDS file from the device, and will be able to determine the type of the device and other properties that will help the software to properly communicate further with the device."
The researcher says an attacker could exploit the vulnerabilities by impersonating a new device on the network and use it to present a malicious EDS file to any discovery software.