CVE-2020-6656: File parsing Type Confusion Remote code execution vulnerability

CVSS 5.8 · Medium EPSS 0.80% · P74

I. Basic Information for CVE-2020-6656

Vulnerability Information

Vulnerability Title
File parsing Type Confusion Remote code execution vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Eaton's easySoft software v7.xx prior to v7.22 is susceptible to a file parsing type confusion remote code execution vulnerability. A malicious entity can execute malicious code or make the application crash by tricking a user into uploading a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through an E70 file, which causes type confusion.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
Access of resource using incompatible type (type confusion)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eaton Easysoft security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
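Eaton Easysoft is a programming application for the industrial sector from the US company Eaton. The software is used to program Easy controllers and displays, and can edit and display circuit diagrams according to their format. Eaton easySoft software v7.20 has a security vulnerability; an attacker can exploit it to execute malicious code, or to crash the application by tricking a user into uploading a malformed .e70 file in the application.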
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor: Eaton
Product / Affected Versions: easySoft Software v7.xx prior to v7.22
CPE: -

II. Public POCs for CVE-2020-6656


No public POC found.
