CVE-2020-6654

Summary

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.

Affected Software

VendorProductVersion RangeStatus
Eaton9000x Programming and Configuration Softwareunspecified <= 2.0.38affected

Weaknesses

  • CWE-427: CWE-427 Uncontrolled Search Path Element
  • CWE-426: CWE-426 Untrusted Search Path

ADP Enrichment

CVE Program Container

Additional References

References