CVE-2021-34606

Name of the Vulnerable Software and Affected Versions XINJE XD/E Series PLC Program Tool versions up to v3.5.1

Description A vulnerability exists that can allow an authenticated, local attacker to load a malicious DLL, requiring local access and sufficient file-write privileges to exploit. If exploited, the attacker could place a malicious DLL file on the system, allowing them to execute arbitrary code with the privileges of another user's account.

Recommendations For versions up to v3.5.1, consider restricting file-write privileges to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the loading of external DLLs in the XINJE XD/E Series PLC Program Tool until a patch is available.