Search criteria
3 vulnerabilities found for easy-box-e4-uc1_firmware by eaton
FKIE_CVE-2023-43776
Vulnerability from fkie_nvd - Published: 2023-10-17 13:15 - Updated: 2024-11-21 08:24
Severity ?
6.8 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BBDB77-0A3E-469B-B76D-8EC19B302DF8",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-box-e4-ac1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8206719B-D602-4085-8936-A764C8C8400D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3817C5-D716-41B2-A9C4-E43B6A214F7E",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-box-e4-dc1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CD25E6-E3DF-411D-A47D-8B00F46863BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A64743A8-383F-47DA-AADA-93F97A40EC97",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-box-e4-uc1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09C357B2-009E-4302-B7E4-D0A3843FB87A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1557C4B-5FE7-4679-8EC7-229159BF87E0",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD509FB-5AEC-4FC5-980C-A7F10C283068",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C824881-E4E5-4937-B35B-99DD0D3106A7",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FC53F4-065C-44AB-802D-A379F2F310DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7B996D-B682-4541-A48E-E7250BC372FB",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1AD643-3CE2-4E48-A782-49EFCF032658",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFB9F56-3BEC-44C2-A99F-DC69648D25FE",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40B64BF7-0DB6-494C-8CB9-6026E85E6B82",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "700AD35D-FF04-4AAE-8A33-1C34761818B1",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tc1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B786B47D-BDE2-405F-BB0D-4D665769AEF8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tcx1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F33FE20-0D6B-4ACA-81CB-6FC343D41D7E",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tcx1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B85AA28F-9316-4C83-846D-6061F2C635A9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-dc-16te1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA15EBFB-11CC-4758-A64A-9157F505D464",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-dc-16te1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "937463C0-CE8A-44E8-A270-511D239D9AE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-dc-4pe1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "298AE4F1-FF3B-4D0E-8278-F2DBAA3FCD3D",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-dc-4pe1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48D501EE-3A96-4503-8F26-C84CC4C66DD2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-dc-6ae1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58501BCB-F11B-4734-92A9-5745979212BE",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-dc-6ae1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68B9AB6C-A483-426C-B6A4-2D5935606FFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-dc-8te1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE9EB77-1EF2-4CAB-A131-F8919ED82FBB",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-dc-8te1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8015DCE-6C8C-4DAE-95F4-82D661305788",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rc1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4671E23E-8104-449B-B1E2-D0F9B61D48B2",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rc1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB7DAF7-3AD5-4F7B-9F10-699BFED9070D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rcx1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE075495-E6B4-428C-BCD6-FE5A9A3A45BA",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rcx1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D06C9DD3-7E47-4151-8F26-321F0349796F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC7853B-16AE-4F1B-AEE7-0652A4F45B1C",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA1EC8B-8ED6-48A7-9928-3AB39C0A97BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EB8D62-5B36-45F6-AA07-FF23A2A82126",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87D7ACFC-9057-4E1A-AFA6-86C52501EB7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:easy-e4-uc-8re1p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44CF72BE-1470-4FA3-B0B9-1C2104B2574C",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:easy-e4-uc-8re1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC6E077-EC3C-4731-9121-A398946B6B30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:xv-102-a035tqrb-1e4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C66C13D9-6D90-4076-B05B-1658958FD8EB",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:xv-102-a035tqrb-1e4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "034E43AF-EF91-4C67-9040-939822748250",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:xv-102-a3-57tvrb-1e4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286C4664-5450-4F2D-81F1-A76B034136A6",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:xv-102-a3-57tvrb-1e4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B35A76-958F-4B5A-BC96-E2F1A17D11FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:xv100-box-e4-dc1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3585D6D-4786-4C25-A878-D453CFD0AA59",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:xv100-box-e4-dc1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9E5C72-66BF-49D3-A95D-07D226B95787",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eaton:xv100-box-e4-uc1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AFCCDCF-377D-49B0-BD03-BDE286A50622",
"versionEndExcluding": "2.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eaton:xv100-box-e4-uc1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "740AD1F6-E59F-4343-AFB1-B8CB75543F62",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."
},
{
"lang": "es",
"value": "Eaton easyE4 PLC ofrece una funcionalidad de protecci\u00f3n con contrase\u00f1a del dispositivo para facilitar una conexi\u00f3n segura y evitar el acceso no autorizado. Se observ\u00f3 que la contrase\u00f1a del dispositivo se almacen\u00f3 con un algoritmo de codificaci\u00f3n d\u00e9bil en el archivo del programa easyE4 cuando se export\u00f3 a la tarjeta SD (final de archivo *.PRG)."
}
],
"id": "CVE-2023-43776",
"lastModified": "2024-11-21T08:24:45.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.2,
"impactScore": 6.0,
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-17T13:15:11.750",
"references": [
{
"source": "CybersecurityCOE@eaton.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
}
],
"sourceIdentifier": "CybersecurityCOE@eaton.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-261"
}
],
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-43776 (GCVE-0-2023-43776)
Vulnerability from cvelistv5 – Published: 2023-10-17 12:35 – Updated: 2024-09-13 16:27
VLAI?
Summary
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
Severity ?
6.8 (Medium)
CWE
- CWE-261 - Weak Encoding for Password
Assigner
References
Credits
Manuel Stotz (SySS GmbH)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:27:11.169786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:27:22.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "easyE4",
"vendor": "Eaton",
"versions": [
{
"lessThan": "2.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Manuel Stotz (SySS GmbH)"
}
],
"datePublic": "2023-10-19T12:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."
}
],
"value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261 Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T12:35:09.849Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak encoding vulnerability in easyE4",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2023-43776",
"datePublished": "2023-10-17T12:35:09.849Z",
"dateReserved": "2023-09-22T05:10:55.258Z",
"dateUpdated": "2024-09-13T16:27:22.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43776 (GCVE-0-2023-43776)
Vulnerability from nvd – Published: 2023-10-17 12:35 – Updated: 2024-09-13 16:27
VLAI?
Summary
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
Severity ?
6.8 (Medium)
CWE
- CWE-261 - Weak Encoding for Password
Assigner
References
Credits
Manuel Stotz (SySS GmbH)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:27:11.169786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:27:22.502Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "easyE4",
"vendor": "Eaton",
"versions": [
{
"lessThan": "2.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Manuel Stotz (SySS GmbH)"
}
],
"datePublic": "2023-10-19T12:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."
}
],
"value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261 Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T12:35:09.849Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Weak encoding vulnerability in easyE4",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2023-43776",
"datePublished": "2023-10-17T12:35:09.849Z",
"dateReserved": "2023-09-22T05:10:55.258Z",
"dateUpdated": "2024-09-13T16:27:22.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}