2 vulnerabilities found for 9000x Programming and Configuration Software by Eaton
CVE-2020-6654 (GCVE-0-2020-6654)
Vulnerability from nvd – Published: 2020-09-30 20:36 – Updated: 2024-09-16 19:10
Title
DLL Hijacking
Summary
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL.
Severity
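7.8 (High) – CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (local attack vector, no privileges required, user interaction required)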
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eaton | 9000x Programming and Configuration Software | Affected: unspecified , ≤ 2.0.38 (custom) | |
Date Public
2020-09-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "9000x Programming and Configuration Software",
"vendor": "Eaton",
"versions": [
{
"lessThanOrEqual": "2.0.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eaton would like to thank Yongjun liu from Nsfocus security team"
}
],
"datePublic": "2020-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A DLL Hijacking vulnerability in Eaton\u0027s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T20:36:20.000Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to latest version available."
}
],
"source": {
"advisory": "ETN-VA-2020-1007",
"defect": [
"ETN-VA-2020-1007"
],
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2020-09-07T07:21:00.000Z",
"ID": "CVE-2020-6654",
"STATE": "PUBLIC",
"TITLE": "DLL Hijacking"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "9000x Programming and Configuration Software",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.0.38"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Yongjun liu from Nsfocus security team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL Hijacking vulnerability in Eaton\u0027s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf",
"refsource": "CONFIRM",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to latest version available."
}
],
"source": {
"advisory": "ETN-VA-2020-1007",
"defect": [
"ETN-VA-2020-1007"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2020-6654",
"datePublished": "2020-09-30T20:36:20.513Z",
"dateReserved": "2020-01-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:14.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6654 (GCVE-0-2020-6654)
Vulnerability from cvelistv5 – Published: 2020-09-30 20:36 – Updated: 2024-09-16 19:10
Title
DLL Hijacking
Summary
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL.
Severity
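7.8 (High) – CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (local attack vector, no privileges required, user interaction required)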
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eaton | 9000x Programming and Configuration Software | Affected: unspecified , ≤ 2.0.38 (custom) | |
Date Public
2020-09-07 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "9000x Programming and Configuration Software",
"vendor": "Eaton",
"versions": [
{
"lessThanOrEqual": "2.0.38",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eaton would like to thank Yongjun liu from Nsfocus security team"
}
],
"datePublic": "2020-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A DLL Hijacking vulnerability in Eaton\u0027s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T20:36:20.000Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Update the software to latest version available."
}
],
"source": {
"advisory": "ETN-VA-2020-1007",
"defect": [
"ETN-VA-2020-1007"
],
"discovery": "EXTERNAL"
},
"title": "DLL Hijacking",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "CybersecurityCOE@eaton.com",
"DATE_PUBLIC": "2020-09-07T07:21:00.000Z",
"ID": "CVE-2020-6654",
"STATE": "PUBLIC",
"TITLE": "DLL Hijacking"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "9000x Programming and Configuration Software",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.0.38"
}
]
}
}
]
},
"vendor_name": "Eaton"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eaton would like to thank Yongjun liu from Nsfocus security team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL Hijacking vulnerability in Eaton\u0027s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427 Uncontrolled Search Path Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf",
"refsource": "CONFIRM",
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update the software to latest version available."
}
],
"source": {
"advisory": "ETN-VA-2020-1007",
"defect": [
"ETN-VA-2020-1007"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2020-6654",
"datePublished": "2020-09-30T20:36:20.513Z",
"dateReserved": "2020-01-09T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:14.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}