CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6654 – DLL Hijacking
https://notcve.org/view.php?id=CVE-2020-6654
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. Una vulnerabilidad de secuestro de DLL en 9000x Programming and Configuration Software de Eaton v 2.0.38 y anteriores, permite a un atacante ejecutar código arbitrario al reemplazar las DLL requeridas por DLL maliciosas cuando el software intenta cargar vci11un6.DLL y cinpl.DLL • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •