Root Access Vulnerability in Eaton X303 PLCs
CVE-2024-57811

9.1CRITICAL

Key Information:

Vendor: Eaton
Vendor: CVE Published:; 13 January 2025

What is CVE-2024-57811?

The Eaton X303 PLC firmware versions 3.5.16 and 3.5.17 Build 712 contain a serious security issue that allows an attacker with network access to gain unauthorized root access via SSH. This vulnerability is due to the hardcoded root password in the firmware, which poses a critical risk to the integrity and security of industrial control systems. Furthermore, it is important to note that these affected versions are no longer supported by Eaton, leaving systems vulnerable if they remain in use.

References

https://github.com/google/security-research/security/advi...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2025