Weak encoding vulnerability in easyE4
CVE-2023-43776

6.8MEDIUM

Key Information:

Vendor: Eaton
Status: Easye4
Vendor: CVE Published:; 17 October 2023

Badges

👾 Exploit Exists

Summary

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).

Affected Version(s)

easyE4 0

References

https://www.eaton.com/content/dam/eaton/company/news-insi...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Nov 7, 2023
👾
Exploit known to exist
Nov 7, 2023
Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Sep 22, 2023

Credit

Manuel Stotz (SySS GmbH)