CVE-2020-6654

HIGH

Eaton 9000x Programming And Configura... - Uncontrolled Search Path

Title source: rule

Description

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL.

Scores

CVSS v3 7.8
EPSS 0.0007
EPSS Percentile 20.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE CWE-427, CWE-426
Status published

Affected Products (1)

eaton/9000x_programming_and_configuration_software < 2.0.38

Timeline

Published Sep 30, 2020
Tracked Since Feb 18, 2026