CVE-2023-43776
MEDIUM EPSS 2.3%
Published Oct 17, 20232y ago · Modified Jun 17, 20261w ago
6.6 CVSS 3.1
Published Oct 17, 2023 2y ago
Last Modified Jun 17, 2026 1w ago
Description
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector Physical
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-261
CWE-326
Affected Products 44
| Vendor | Product | Version | Range |
|---|---|---|---|
| eaton | easy-box-e4-ac1_firmware | * | <2.02 |
| eaton | easy-box-e4-ac1 | * | any |
| eaton | easy-box-e4-dc1_firmware | * | <2.02 |
| eaton | easy-box-e4-dc1 | * | any |
| eaton | easy-box-e4-uc1_firmware | * | <2.02 |
| eaton | easy-box-e4-uc1 | * | any |
| eaton | easy-e4-ac-12rc1p_firmware | * | <2.02 |
| eaton | easy-e4-ac-12rc1p | * | any |
| eaton | easy-e4-ac-12rcx1p_firmware | * | <2.02 |
| eaton | easy-e4-ac-12rcx1p | * | any |
| eaton | easy-e4-ac-16re1p_firmware | * | <2.02 |
| eaton | easy-e4-ac-16re1p | * | any |
| eaton | easy_e4-ac-8re1p_firmware | * | <2.02 |
| eaton | easy_e4-ac-8re1p | * | any |
| eaton | easy-e4-dc-12tc1p_firmware | * | <2.02 |
| eaton | easy-e4-dc-12tc1p | * | any |
| eaton | easy-e4-dc-12tcx1p_firmware | * | <2.02 |
| eaton | easy-e4-dc-12tcx1p | * | any |
| eaton | easy-e4-dc-16te1p_firmware | * | <2.02 |
| eaton | easy-e4-dc-16te1p | * | any |
| eaton | easy-e4-dc-4pe1p_firmware | * | <2.02 |
| eaton | easy-e4-dc-4pe1p | * | any |
| eaton | easy-e4-dc-6ae1p_firmware | * | <2.02 |
| eaton | easy-e4-dc-6ae1p | * | any |
| eaton | easy-e4-dc-8te1p_firmware | * | <2.02 |
| eaton | easy-e4-dc-8te1p | * | any |
| eaton | easy-e4-uc-12rc1p_firmware | * | <2.02 |
| eaton | easy-e4-uc-12rc1p | * | any |
| eaton | easy-e4-uc-12rcx1p_firmware | * | <2.02 |
| eaton | easy-e4-uc-12rcx1p | * | any |
| eaton | easy-e4-uc-16re1_firmware | * | <2.02 |
| eaton | easy-e4-uc-16re1 | * | any |
| eaton | easy-e4-uc-16re1p_firmware | * | <2.02 |
| eaton | easy-e4-uc-16re1p | * | any |
| eaton | easy-e4-uc-8re1p_firmware | * | <2.02 |
| eaton | easy-e4-uc-8re1p | * | any |
| eaton | xv-102-a035tqrb-1e4_firmware | * | <2.02 |
| eaton | xv-102-a035tqrb-1e4 | * | any |
| eaton | xv-102-a3-57tvrb-1e4_firmware | * | <2.02 |
| eaton | xv-102-a3-57tvrb-1e4 | * | any |
| eaton | xv100-box-e4-dc1_firmware | * | <2.02 |
| eaton | xv100-box-e4-dc1 | * | any |
| eaton | xv100-box-e4-uc1_firmware | * | <2.02 |
| eaton | xv100-box-e4-uc1 | * | any |
References 1
- eaton.com https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.