Vulnerability Details CVE-2021-34606
A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.9%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 6.9
References
Products affected by CVE-2021-34606
-
cpe:2.3:a:xinje:xd/e_series_plc_program_tool:*