EDS Subsystem Vulnerabilities Expose OT Assets to Malicious File Delivery

Claroty (Team82) disclosed vulnerabilities in the Rockwell Automation EDS Subsystem (CVE-2020-12038, CVE-2020-12034) affecting FactoryTalk Linx, RSLinx Classic, RSNetWorx, and Studio 5000 Logix Designer; crafted malicious EDS files presented via device discovery can write files to disk (including startup locations) enabling code execution on restart or crash the EDS parser to cause denial-of-service. The report includes a proof-of-concept demonstration, notes no known in-the-wild exploitation, and advises applying vendor patches and network mitigations (segmentation, blocking EtherNet/IP/CIP ports, and using secure remote access).