CVE-2020-6654

HIGH

Eaton 9000x Programming and Configuration Software < 2.0.38 - DLL Hijacking via vci11un6.DLL and cinpl.DLL

Title source: llm

Description

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/9000x-software-eaton-vulnerability-advisory.pdf

Scores

CVSS v3 7.8

EPSS 0.0040

EPSS Percentile 31.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-427 CWE-426

Status published

Products (1)

eaton/9000x_programming_and_configuration_software < 2.0.38

Published Sep 30, 2020

Tracked Since Feb 18, 2026