QwikSec

Security Database

CVE

CWE

Training

CVE-2020-6656

Published: Jan 7, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

5.8

MEDIUM

Description

Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.

Vendor	Product	Versions
Eaton	easySoft Software	affected `v7.xx prior to v7.22`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-1441/

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-1442/

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-1444/

x_refsource_MISC

https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2020-6656 | MEDIUM (5.8) - Security Vulnerability | QwikSec