CVE-2020-6655
File parsing Out-Of-Bounds read remote code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application.
El software easySoft de Eaton versión v7.xx y anterior a la v7.22 es susceptible a la vulnerabilidad de ejecución remota de código fuera de límites. Una entidad maliciosa puede ejecutar un código malicioso o hacer que la aplicación se bloquee engañando al usuario para que cargue el archivo .E70 malformado en la aplicación. La vulnerabilidad surge debido a una validación y análisis inadecuados del contenido del archivo E70 por parte de la aplicación
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-09 CVE Reserved
- 2021-01-07 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-125: Out-of-bounds Read
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03 | Third Party Advisory | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1443 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eaton Search vendor "Eaton" | Easysoft Search vendor "Eaton" for product "Easysoft" | >= 7.00 < 7.22 Search vendor "Eaton" for product "Easysoft" and version " >= 7.00 < 7.22" | - |
Affected
| ||||||