Lucene search

EatonCVELIST:CVE-2020-6655

HistoryJan 07, 2021 - 5:21 p.m.

CVE-2020-6655 File parsing Out-Of-Bounds read remote code execution

2021-01-0717:21:26

CWE-125

CWE-20

Eaton

www.cve.org

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

0.009 Low

EPSS

Percentile

82.3%

JSON

The Eaton’s easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.

CNA Affected

[
  {
    "product": "easySoft Software",
    "vendor": "Eaton",
    "versions": [
      {
        "status": "affected",
        "version": "v7.xx prior to v7.22"
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsa-21-007-03

www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf

www.zerodayinitiative.com/advisories/ZDI-20-1443/

5.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

0.009 Low

EPSS

Percentile

82.3%

JSON

Related for CVELIST:CVE-2020-6655