CVE-2020-6655

Опубликовано: 07 янв. 2021

Источник: nvd

CVSS3: 5.8

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.

Ссылки

https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
Third Party Advisory
US Government Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1443/
Third Party Advisory
VDB Entry
https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03
Third Party Advisory
US Government Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1443/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eaton:easysoft:*:*:*:*:*:*:*:*

Версия от 7.00 (включая) до 7.22 (исключая)

EPSS

Процентиль: 74%

0.0082

Низкий

5.8 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

CWE-125

Связанные уязвимости

GHSA-98x2-8rq4-gpx2

github

больше 3 лет назад

The Eaton's easySoft software v7.20 and prior are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.

EPSS

Процентиль: 74%

0.0082

Низкий

5.8 Medium

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

CWE-125