CVE-2023-43776
Severity CVSS v4.0:
Pending analysis
Type:
CWE-326
Inadequate Encryption Strength
Publication date:
17/10/2023
Last modified:
25/10/2023
Description
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
Impact
Base Score 3.x
6.60
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy-box-e4-ac1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy-box-e4-dc1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy-box-e4-uc1:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) | |
| cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:*:*:*:*:*:*:*:* | 2.02 (excluding) |
To consult the complete list of CPE names with products and versions, see this page