Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_EATON_CVE-2023-43776.NASLHistoryOct 25, 2023 - 12:00 a.m.
Eaton easyE4 PLC Inadequate Encryption Strength (CVE-2023-43776)
2023-10-2500:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
eaton
easye4
encryption
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.5%
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501761);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/21");
script_cve_id("CVE-2023-43776");
script_name(english:"Eaton easyE4 PLC Inadequate Encryption Strength (CVE-2023-43776)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Eaton easyE4 PLC offers a device password protection functionality to
facilitate a secure connection and prevent unauthorized access. It was
observed that the device password was stored with a weak encoding
algorithm in the easyE4 program file when exported to SD card (*.PRG
file ending).
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02516ed8");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-43776");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(326);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/17");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-ac-12rc1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-ac-12rcx1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-ac-16re1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-dc-12tc1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-dc-12tcx1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-dc-16te1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-dc-4pe1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-dc-6ae1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-dc-8te1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-uc-12rc1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-uc-12rcx1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-uc-16re1_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-uc-16re1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy-e4-uc-8re1p_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:eaton:easy_e4-ac-8re1p_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Eaton");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Eaton');
var asset = tenable_ot::assets::get(vendor:'Eaton');
var vuln_cpes = {
"cpe:/o:eaton:easy-e4-ac-12rc1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-ac-12rcx1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-ac-16re1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy_e4-ac-8re1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-dc-12tc1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-dc-12tcx1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-dc-16te1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-dc-4pe1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-dc-6ae1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-dc-8te1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-uc-12rc1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-uc-12rcx1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-uc-16re1_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-uc-16re1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"},
"cpe:/o:eaton:easy-e4-uc-8re1p_firmware" :
{"versionEndExcluding" : "2.02", "family" : "PLCEasyE4"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| eaton | easy-e4-ac-12rc1p_firmware | cpe:/o:eaton:easy-e4-ac-12rc1p_firmware | |
| eaton | easy-e4-ac-12rcx1p_firmware | cpe:/o:eaton:easy-e4-ac-12rcx1p_firmware | |
| eaton | easy-e4-ac-16re1p_firmware | cpe:/o:eaton:easy-e4-ac-16re1p_firmware | |
| eaton | easy-e4-dc-12tc1p_firmware | cpe:/o:eaton:easy-e4-dc-12tc1p_firmware | |
| eaton | easy-e4-dc-12tcx1p_firmware | cpe:/o:eaton:easy-e4-dc-12tcx1p_firmware | |
| eaton | easy-e4-dc-16te1p_firmware | cpe:/o:eaton:easy-e4-dc-16te1p_firmware | |
| eaton | easy-e4-dc-4pe1p_firmware | cpe:/o:eaton:easy-e4-dc-4pe1p_firmware | |
| eaton | easy-e4-dc-6ae1p_firmware | cpe:/o:eaton:easy-e4-dc-6ae1p_firmware | |
| eaton | easy-e4-dc-8te1p_firmware | cpe:/o:eaton:easy-e4-dc-8te1p_firmware | |
| eaton | easy-e4-uc-12rc1p_firmware | cpe:/o:eaton:easy-e4-uc-12rc1p_firmware |
Related
nvd
nvd
CVE-2023-43776
2023-10-17 13:15:11
cve
cve
CVE-2023-43776
2023-10-17 13:15:11
prion
prion
Default credentials
2023-10-17 13:15:00
cvelist
cvelist
CVE-2023-43776 Weak encoding vulnerability in easyE4
2023-10-17 12:35:09
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
21.5%
Related for TENABLE_OT_EATON_CVE-2023-43776.NASL