CVE-2023-43776 MEDIUM

CVE-2023-43776: Weak encoding vulnerability in easyE4

Vendor: Eaton
Product: easyE4
Weakness: CWE-261
Published: October 17, 2023
Last update: September 13, 2024

CVSS base score

6.8/10
Attack vector: Physical
Attack complexity: High
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

The Eaton easyE4 PLC offers a device password protection feature to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to an SD card (file extension *.PRG).

Key dates

02 Disclosure timeline

October 17, 2023: CVE published
September 13, 2024: Record updated