{ "id": "CVE-2023-43776", "sourceIdentifier": "CybersecurityCOE@eaton.com", "published": "2023-10-17T13:15:11.750", "lastModified": "2023-10-25T13:38:32.223", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)." }, { "lang": "es", "value": "Eaton easyE4 PLC ofrece una funcionalidad de protecci\u00f3n con contrase\u00f1a del dispositivo para facilitar una conexi\u00f3n segura y evitar el acceso no autorizado. Se observ\u00f3 que la contrase\u00f1a del dispositivo se almacen\u00f3 con un algoritmo de codificaci\u00f3n d\u00e9bil en el archivo del programa easyE4 cuando se export\u00f3 a la tarjeta SD (final de archivo *.PRG)." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.7, "impactScore": 5.9 }, { "source": "CybersecurityCOE@eaton.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.2, "impactScore": 6.0 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-326" } ] }, { "source": "CybersecurityCOE@eaton.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-261" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-box-e4-ac1:-:*:*:*:*:*:*:*", "matchCriteriaId": "8206719B-D602-4085-8936-A764C8C8400D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "C5BBDB77-0A3E-469B-B76D-8EC19B302DF8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "5A3817C5-D716-41B2-A9C4-E43B6A214F7E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-box-e4-dc1:-:*:*:*:*:*:*:*", "matchCriteriaId": "75CD25E6-E3DF-411D-A47D-8B00F46863BF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "A64743A8-383F-47DA-AADA-93F97A40EC97" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-box-e4-uc1:-:*:*:*:*:*:*:*", "matchCriteriaId": "09C357B2-009E-4302-B7E4-D0A3843FB87A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "A1557C4B-5FE7-4679-8EC7-229159BF87E0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFD509FB-5AEC-4FC5-980C-A7F10C283068" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "1C824881-E4E5-4937-B35B-99DD0D3106A7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2FC53F4-065C-44AB-802D-A379F2F310DF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "DD7B996D-B682-4541-A48E-E7250BC372FB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A1AD643-3CE2-4E48-A782-49EFCF032658" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "7EFB9F56-3BEC-44C2-A99F-DC69648D25FE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "40B64BF7-0DB6-494C-8CB9-6026E85E6B82" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "700AD35D-FF04-4AAE-8A33-1C34761818B1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tc1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B786B47D-BDE2-405F-BB0D-4D665769AEF8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tcx1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "3F33FE20-0D6B-4ACA-81CB-6FC343D41D7E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tcx1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "B85AA28F-9316-4C83-846D-6061F2C635A9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-dc-16te1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "BA15EBFB-11CC-4758-A64A-9157F505D464" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-dc-16te1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "937463C0-CE8A-44E8-A270-511D239D9AE5" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-dc-4pe1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "298AE4F1-FF3B-4D0E-8278-F2DBAA3FCD3D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-dc-4pe1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "48D501EE-3A96-4503-8F26-C84CC4C66DD2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-dc-6ae1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "58501BCB-F11B-4734-92A9-5745979212BE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-dc-6ae1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "68B9AB6C-A483-426C-B6A4-2D5935606FFE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-dc-8te1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "BCE9EB77-1EF2-4CAB-A131-F8919ED82FBB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-dc-8te1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8015DCE-6C8C-4DAE-95F4-82D661305788" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rc1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "4671E23E-8104-449B-B1E2-D0F9B61D48B2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rc1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDB7DAF7-3AD5-4F7B-9F10-699BFED9070D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rcx1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "DE075495-E6B4-428C-BCD6-FE5A9A3A45BA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rcx1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "D06C9DD3-7E47-4151-8F26-321F0349796F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "9EC7853B-16AE-4F1B-AEE7-0652A4F45B1C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCA1EC8B-8ED6-48A7-9928-3AB39C0A97BE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "B2EB8D62-5B36-45F6-AA07-FF23A2A82126" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "87D7ACFC-9057-4E1A-AFA6-86C52501EB7D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:easy-e4-uc-8re1p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "44CF72BE-1470-4FA3-B0B9-1C2104B2574C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:easy-e4-uc-8re1p:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDC6E077-EC3C-4731-9121-A398946B6B30" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:xv-102-a035tqrb-1e4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "C66C13D9-6D90-4076-B05B-1658958FD8EB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:xv-102-a035tqrb-1e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "034E43AF-EF91-4C67-9040-939822748250" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:xv-102-a3-57tvrb-1e4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "286C4664-5450-4F2D-81F1-A76B034136A6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:xv-102-a3-57tvrb-1e4:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5B35A76-958F-4B5A-BC96-E2F1A17D11FE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:xv100-box-e4-dc1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "C3585D6D-4786-4C25-A878-D453CFD0AA59" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:xv100-box-e4-dc1:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC9E5C72-66BF-49D3-A95D-07D226B95787" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:eaton:xv100-box-e4-uc1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.02", "matchCriteriaId": "2AFCCDCF-377D-49B0-BD03-BDE286A50622" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:eaton:xv100-box-e4-uc1:-:*:*:*:*:*:*:*", "matchCriteriaId": "740AD1F6-E59F-4343-AFB1-B8CB75543F62" } ] } ] } ], "references": [ { "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf", "source": "CybersecurityCOE@eaton.com", "tags": [ "Mitigation", "Vendor Advisory" ] } ] }