How severe is CVE-2021-34606?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2021-34606?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2021-34606 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account.

Related Vulnerabilities

CVE-2015-1014

HIGH

CVSS:7.3(High)

A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expe...

CWE-4272015

CVE-2017-4987

HIGH

CVSS:7.3(High)

In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potenti...

CWE-4272017

CVE-2018-11049

HIGH

CVSS:7.3(High)

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unin...

CWE-4272018

CVE-2019-16407

HIGH

CVSS:7.3(High)

JetBrains ReSharper installers for versions before 2019.2 had a DLL Hijacking vulnerability.

CWE-4272019

CVE-2019-19954

HIGH

CVSS:7.3(High)

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.

CWE-4272019

CVE-2019-3613

HIGH

CVSS:7.3(High)

DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.

CWE-4272019