What is the vulnerability identifier for this issue?

The vulnerability identifier for this issue is CVE-2020-6656.

What is the severity of CVE-2020-6656?

CVE-2020-6656 has a severity score of 7.8 (high).

Which software versions are affected by CVE-2020-6656?

Versions of Eaton's easySoft software prior to v7.22 (7.00 to 7.20) are affected by CVE-2020-6656.

What is the impact of CVE-2020-6656?

The vulnerability allows a malicious entity to execute a malicious code or crash the application by tricking the user into uploading a malformed .E70 file.

Where can I find more information about CVE-2020-6656?

You can find more information about CVE-2020-6656 in the following references: [Link 1](https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03), [Link 2](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf), [Link 3](https://www.zerodayinitiative.com/advisories/ZDI-20-1441/).

Vulnerability/
CVE-2020-6656

high

7.8

CWE

843 20

7/1/2021

4/8/2024

CVE-2020-6656: File parsing Type Confusion Remote code execution vulerability

First published: Thu Jan 07 2021(Updated: )

Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion.

Credit: CybersecurityCOE@eaton.com

Affected Software	Affected Version	How to fix
Eaton EASYsoft	>=7.00<7.20
Eaton Versions 7.20 and prior of EASYsoft are affected

Remedy

Apply the patch once it is provided by Eaton.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-21-007-03

Frequently Asked Questions

What is the vulnerability identifier for this issue?
The vulnerability identifier for this issue is CVE-2020-6656.
What is the severity of CVE-2020-6656?
CVE-2020-6656 has a severity score of 7.8 (high).
Which software versions are affected by CVE-2020-6656?
Versions of Eaton's easySoft software prior to v7.22 (7.00 to 7.20) are affected by CVE-2020-6656.
What is the impact of CVE-2020-6656?
The vulnerability allows a malicious entity to execute a malicious code or crash the application by tricking the user into uploading a malformed .E70 file.
Where can I find more information about CVE-2020-6656?
You can find more information about CVE-2020-6656 in the following references: [Link 1](https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03), [Link 2](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf), [Link 3](https://www.zerodayinitiative.com/advisories/ZDI-20-1441/).

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/weakness
agent/references
agent/last-modified-date
agent/author
agent/remedy
agent/first-publish-date
agent/description
agent/event
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/trending
vendor/eaton
canonical/eaton easysoft
version/eaton easysoft/7.00
canonical/eaton versions 7.20 and prior of easysoft are affected