Eaton EASYsoft (Update A)

CVSS 5.8 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow a local attacker to modify or crash the program.

CVE-2020-6656 CVE-2020-6655

Eaton has patched the issues and released Version 7.22, which can be downloaded from Eaton's website.
Navigate to Eaton software download center -> Select “Software” -> “easySoft” -> v7.22
Eaton recommends those affected by the report vulnerabilities use only .E70 files created from a fully trusted source.
If the application crashes due to .E70 file upload, restart the application and do not upload the .E70 file again.

Eaton

Eaton · EASYsoft <= 7.20

Critical Manufacturing, Energy, Water and Wastewater Systems

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.