CVE-2023-43776

Summary

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).

Affected Software

VendorProductVersion RangeStatus
EatoneasyE40 < 2.02affected

Weaknesses

  • CWE-261: CWE-261 Weak Encoding for Password

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References