CVE-2021-34606 HIGH

CVE-2021-34606: XINJE XD/E Series PLC Program Tool DLL Hijacking

Vendor Xinje
Product XD/E Series PLC Program Tool
Weakness CWE-427
Published May 11, 2022
Last update September 16, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability, which means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system that, when XINJE XD/E Series PLC Program Tool is run, allows the attacker to execute arbitrary code with the privileges of another user's account.

Key dates

02 Disclosure timeline

May 11, 2022 CVE published
September 16, 2024 Record updated