cnvd - cnvd-2020-33776

CNVD-2020-33776

Vulnerability from cnvd - Published: 2020-06-21

Title

Eaton UPS companion software代码注入漏洞

Description

Eaton UPS companion software是美国Eaton公司的一套不间断电源管理软件。 Eaton UPS companion software v1.05及之前版本中存在代码注入漏洞。攻击者可利用该漏洞在受影响的计算机上执行任意代码。

Severity

中

Patch Name

Eaton UPS companion software代码注入漏洞的补丁

Patch Description

Eaton UPS companion software是美国Eaton公司的一套不间断电源管理软件。 Eaton UPS companion software v1.05及之前版本中存在代码注入漏洞。攻击者可利用该漏洞在受影响的计算机上执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-6650

Impacted products

Name
Eaton UPS companion software <1.05

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6650"
    }
  },
  "description": "Eaton UPS companion software\u662f\u7f8e\u56fdEaton\u516c\u53f8\u7684\u4e00\u5957\u4e0d\u95f4\u65ad\u7535\u6e90\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nEaton UPS companion software v1.05\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u8ba1\u7b97\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-33776",
  "openTime": "2020-06-21",
  "patchDescription": "Eaton UPS companion software\u662f\u7f8e\u56fdEaton\u516c\u53f8\u7684\u4e00\u5957\u4e0d\u95f4\u65ad\u7535\u6e90\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nEaton UPS companion software v1.05\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u8ba1\u7b97\u673a\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Eaton UPS companion software\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Eaton UPS companion software \u003c1.05"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6650",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-24",
  "title": "Eaton UPS companion software\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-6650 (GCVE-0-2020-6650)

Vulnerability from cvelistv5 – Published: 2020-03-23 13:25 – Updated: 2024-09-16 20:07

Summary

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.

Severity ?

8.3 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Assigner

Eaton

References

URL

Tags

https://www.eaton.com/content/dam/eaton/company/n…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Eaton	UPS Companion Software	Affected: unspecified , ≤ 1.05 (custom)

Credits

Ravjot Singh Samra

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:11:04.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UPS Companion Software",
          "vendor": "Eaton",
          "versions": [
            {
              "lessThanOrEqual": "1.05",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ravjot Singh Samra"
        }
      ],
      "datePublic": "2020-03-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "UPS companion software v1.05 \u0026 Prior is affected by \u2018Eval Injection\u2019 vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.\u201deval\u201d in \u201cUpdate Manager\u201d class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-23T13:25:43",
        "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "shortName": "Eaton"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Download and install the latest version from product  website."
        }
      ],
      "source": {
        "advisory": "ETN-VA-2020-1001",
        "defect": [
          "ETN-VA-2020-1001"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Arbitrary code execution through \u201cUpdate Manager\u201d Class",
      "workarounds": [
        {
          "lang": "en",
          "value": "Connect the host machine behind firewall and do not expose directly to internet."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "Eval Injection",
          "ASSIGNER": "CybersecurityCOE@eaton.com",
          "DATE_PUBLIC": "2020-03-20T07:35:00.000Z",
          "ID": "CVE-2020-6650",
          "STATE": "PUBLIC",
          "TITLE": "Arbitrary code execution through \u201cUpdate Manager\u201d Class"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "UPS Companion Software",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.05"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Eaton"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ravjot Singh Samra"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "UPS companion software v1.05 \u0026 Prior is affected by \u2018Eval Injection\u2019 vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.\u201deval\u201d in \u201cUpdate Manager\u201d class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf",
              "refsource": "MISC",
              "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-UPS-companion-software.pdf"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Download and install the latest version from product  website."
          }
        ],
        "source": {
          "advisory": "ETN-VA-2020-1001",
          "defect": [
            "ETN-VA-2020-1001"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Connect the host machine behind firewall and do not expose directly to internet."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
    "assignerShortName": "Eaton",
    "cveId": "CVE-2020-6650",
    "datePublished": "2020-03-23T13:25:43.903537Z",
    "dateReserved": "2020-01-09T00:00:00",
    "dateUpdated": "2024-09-16T20:07:28.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-33776

CVE-2020-6650 (GCVE-0-2020-6650)

Tags

Sightings

Nomenclature