CVE-2021-34606

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-05-2022 05:15

Last modified: - 19-05-2022 07:41

Total changes: - 2

Description

A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

Required

User interaction

7.3

Base score

1.3

5.9

Exploitability score

Impact score

Verification logic

vendor=xinje AND product=xd\/e_series_plc_program_tool AND versionEndIncluding=3.5.1

Reference

https://claroty.com/2022/05/11/blog-research-from-project-file-to-code-execution-exploiting-vulnerabilities-in-xinje-plc-program-tool/

Keywords

CVE-2021-34606

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-34606

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures