DLL Hijacking
CVE-2020-6654

7.8HIGH

Key Information:

Vendor
Eaton
Status
9000x Programming And Configuration Software
Vendor
CVE Published:
7 September 2020

Summary

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.

Affected Version(s)

9000x Programming and Configuration Software <= 2.0.38

References

https://www.eaton.com/content/dam/eaton/company/news-insi...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eaton would like to thank Yongjun liu from Nsfocus security team
.
CVE-2020-6654 : DLL Hijacking | SecurityVulnerability.io