CVE-2020-6655 Vulnerability Details


CVE-2020-6655 Metadata Quick Info

CVE Published: 07/01/2021 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: Eaton | Vendor: Eaton | Product: easySoft Software
Status: PUBLISHED

CVE-2020-6655 Description

Eaton's easySoft software v7.xx prior to v7.22 is susceptible to an out-of-bounds remote code execution vulnerability. A malicious entity can execute malicious code or crash the application by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises from improper validation and parsing of the E70 file content by the application.

Metrics

CVSS Version: 3.1 | Base Score: 5.8 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

➤ Exploitability Metrics:
    Attack Vector (AV): LOCAL
    Attack Complexity (AC): HIGH
    Privileges Required (PR): NONE
    User Interaction (UI): REQUIRED
    Scope (S): UNCHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): LOW
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-125
CWE Name: CWE-125 Out-of-bounds Read
Source: Eaton

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).