CVE-2020-6655

{"id": "CVE-2020-6655", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.0}]}, "published": "2021-01-07T18:15:13.857", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "CybersecurityCOE@eaton.com"}, {"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf", "tags": ["Vendor Advisory"], "source": "CybersecurityCOE@eaton.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1443/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "CybersecurityCOE@eaton.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application."}, {"lang": "es", "value": "El software easySoft de Eaton versi\u00f3n v7.xx y anterior a la v7.22 es susceptible a la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo fuera de l\u00edmites. Una entidad maliciosa puede ejecutar un c\u00f3digo malicioso o hacer que la aplicaci\u00f3n se bloquee enga\u00f1ando al usuario para que cargue el archivo .E70 malformado en la aplicaci\u00f3n. La vulnerabilidad surge debido a una validaci\u00f3n y an\u00e1lisis inadecuados del contenido del archivo E70 por parte de la aplicaci\u00f3n"}], "lastModified": "2021-03-31T12:48:21.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eaton:easysoft:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B48E09D-AA56-4B08-B4BD-74726DE49BFA", "versionEndExcluding": "7.22", "versionStartIncluding": "7.00"}], "operator": "OR"}]}], "sourceIdentifier": "CybersecurityCOE@eaton.com"}