CVE-2023-43776

EPSS 0.03%
Veröffentlicht 17.10.2023 13:15:11
Zuletzt bearbeitet 21.11.2024 08:24:45
Quelle CybersecurityCOE@eaton.com
CVE-Watchlists
Login
Unerledigt
Login

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eaton ≫ Easy-box-e4-ac1 Firmware Version < 2.02

Eaton ≫ Easy-box-e4-ac1 Version-

Eaton ≫ Easy-box-e4-dc1 Firmware Version < 2.02

Eaton ≫ Easy-box-e4-dc1 Version-

Eaton ≫ Easy-box-e4-uc1 Firmware Version < 2.02

Eaton ≫ Easy-box-e4-uc1 Version-

Eaton ≫ Easy-e4-ac-12rc1p Firmware Version < 2.02

Eaton ≫ Easy-e4-ac-12rc1p Version-

Eaton ≫ Easy-e4-ac-12rcx1p Firmware Version < 2.02

Eaton ≫ Easy-e4-ac-12rcx1p Version-

Eaton ≫ Easy-e4-ac-16re1p Firmware Version < 2.02

Eaton ≫ Easy-e4-ac-16re1p Version-

Eaton ≫ Easy E4-ac-8re1p Firmware Version < 2.02

Eaton ≫ Easy E4-ac-8re1p Version-

Eaton ≫ Easy-e4-dc-12tc1p Firmware Version < 2.02

Eaton ≫ Easy-e4-dc-12tc1p Version-

Eaton ≫ Easy-e4-dc-12tcx1p Firmware Version < 2.02

Eaton ≫ Easy-e4-dc-12tcx1p Version-

Eaton ≫ Easy-e4-dc-16te1p Firmware Version < 2.02

Eaton ≫ Easy-e4-dc-16te1p Version-

Eaton ≫ Easy-e4-dc-4pe1p Firmware Version < 2.02

Eaton ≫ Easy-e4-dc-4pe1p Version-

Eaton ≫ Easy-e4-dc-6ae1p Firmware Version < 2.02

Eaton ≫ Easy-e4-dc-6ae1p Version-

Eaton ≫ Easy-e4-dc-8te1p Firmware Version < 2.02

Eaton ≫ Easy-e4-dc-8te1p Version-

Eaton ≫ Easy-e4-uc-12rc1p Firmware Version < 2.02

Eaton ≫ Easy-e4-uc-12rc1p Version-

Eaton ≫ Easy-e4-uc-12rcx1p Firmware Version < 2.02

Eaton ≫ Easy-e4-uc-12rcx1p Version-

Eaton ≫ Easy-e4-uc-16re1 Firmware Version < 2.02

Eaton ≫ Easy-e4-uc-16re1 Version-

Eaton ≫ Easy-e4-uc-16re1p Firmware Version < 2.02

Eaton ≫ Easy-e4-uc-16re1p Version-

Eaton ≫ Easy-e4-uc-8re1p Firmware Version < 2.02

Eaton ≫ Easy-e4-uc-8re1p Version-

Eaton ≫ Xv-102-a035tqrb-1e4 Firmware Version < 2.02

Eaton ≫ Xv-102-a035tqrb-1e4 Version-

Eaton ≫ Xv-102-a3-57tvrb-1e4 Firmware Version < 2.02

Eaton ≫ Xv-102-a3-57tvrb-1e4 Version-

Eaton ≫ Xv100-box-e4-dc1 Firmware Version < 2.02

Eaton ≫ Xv100-box-e4-dc1 Version-

Eaton ≫ Xv100-box-e4-uc1 Firmware Version < 2.02

Eaton ≫ Xv100-box-e4-uc1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.069

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.6	0.7	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CybersecurityCOE@eaton.com	6.8	0.2	6	CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2023-43776

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-43776

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-43776

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-43776