A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions.
The EDS subsystem does not provide adequate input sanitization, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions.
Denial of Service
Rockwell Automation has released a patch.
Follow the instructions in knowledge base article RAid 1125928