CVE Vulnerability

CVE-2020-6656

Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.zerodayinitiative.com/advisories/ZDI-20-1441/ Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-1442/ Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-20-1444/ Third Party Advisory VDB Entry
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:eaton:easysoft:*:*:*:*:*:*:*:*
Information

Published : 2021-01-07 06:15

Updated : 2021-03-31 12:51

NVD link : CVE-2020-6656

Mitre link : CVE-2020-6656

Products Affected

Easysoft

Eaton

CWE
CWE-843