7.8
CVE-2020-6655
- EPSS 2.65%
- Veröffentlicht 07.01.2021 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:36:06
- Quelle CybersecurityCOE@eaton.com
- CVE-Watchlists
- Unerledigt
LoginFile parsing Out-Of-Bounds read remote code execution
The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.65% | 0.837 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| CybersecurityCOE@eaton.com | 5.8 | 1 | 4.7 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf
https://www.zerodayinitiative.com/advisories/ZDI-20-1443/