EatonCVELIST:CVE-2020-6656CVE-2020-6656 File parsing Type Confusion Remote code execution vulerability
5.8 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
0.005 Low
EPSS
Percentile
76.3%
Eaton’s easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.
CNA Affected
[
{
"product": "easySoft Software",
"vendor": "Eaton",
"versions": [
{
"status": "affected",
"version": "v7.xx prior to v7.22"
}
]
}
]References
us-cert.cisa.gov/ics/advisories/icsa-21-007-03
www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf
www.zerodayinitiative.com/advisories/ZDI-20-1441/
www.zerodayinitiative.com/advisories/ZDI-20-1442/
www.zerodayinitiative.com/advisories/ZDI-20-1444/
Related
5.8 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
0.005 Low
EPSS
Percentile
76.3%