QwikSec

Security Database

CVE

CWE

Training

CVE-2020-6655

Published: Jan 7, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

5.8

MEDIUM

Description

The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.

Vendor	Product	Versions
Eaton	easySoft Software	affected `v7.xx prior to v7.22`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-1443/

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.