Root Access Vulnerability in Eaton X303 PLCs
CVE-2024-57811
9.1CRITICAL
Summary
The Eaton X303 PLC firmware versions 3.5.16 and 3.5.17 Build 712 contain a serious security issue that allows an attacker with network access to gain unauthorized root access via SSH. This vulnerability is due to the hardcoded root password in the firmware, which poses a critical risk to the integrity and security of industrial control systems. Furthermore, it is important to note that these affected versions are no longer supported by Eaton, leaving systems vulnerable if they remain in use.
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published