Lucene search

EatonCVELIST:CVE-2023-43776

HistoryOct 17, 2023 - 12:35 p.m.

CVE-2023-43776 Weak encoding vulnerability in easyE4

2023-10-1712:35:09

CWE-261

Eaton

www.cve.org

cve-2023-43776

easye4

plc

device password

vulnerability

encoding

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.5%

JSON

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "easyE4",
    "vendor": "Eaton",
    "versions": [
      {
        "lessThan": "2.02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.5%

JSON

Related for CVELIST:CVE-2023-43776