CVE-2023-43776

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.2 / Impact : 6.0

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf	Mitigation Vendor Advisory
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-box-e4-ac1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-box-e4-dc1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-box-e4-uc1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-dc-12tc1p:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:eaton:easy-e4-dc-12tcx1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-dc-12tcx1p:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:eaton:easy-e4-dc-16te1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-dc-16te1p:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:eaton:easy-e4-dc-4pe1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-dc-4pe1p:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:eaton:easy-e4-dc-6ae1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-dc-6ae1p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:eaton:easy-e4-dc-8te1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-dc-8te1p:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:eaton:easy-e4-uc-12rc1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-uc-12rc1p:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:eaton:easy-e4-uc-12rcx1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-uc-12rcx1p:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:eaton:easy-e4-uc-16re1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-uc-16re1:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:eaton:easy-e4-uc-16re1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-uc-16re1p:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:eaton:easy-e4-uc-8re1p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:easy-e4-uc-8re1p:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:eaton:xv-102-a035tqrb-1e4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:xv-102-a035tqrb-1e4:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:eaton:xv-102-a3-57tvrb-1e4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:xv-102-a3-57tvrb-1e4:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:eaton:xv100-box-e4-dc1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:xv100-box-e4-dc1:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:eaton:xv100-box-e4-uc1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:eaton:xv100-box-e4-uc1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:24

Type	Values Removed	Values Added
References	~~() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf - Mitigation, Vendor Advisory~~	() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf - Mitigation, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : 6.8

25 Oct 2023, 13:38

Type	Values Removed	Values Added
References	~~(MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf -~~	(MISC) https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf - Mitigation, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.6
CWE		CWE-326
CPE		cpe:2.3:h:eaton:easy-box-e4-dc1:-:::::::* cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:::::::: cpe:2.3:h:eaton:xv-102-a3-57tvrb-1e4:-:::::::* cpe:2.3:o:eaton:easy-e4-uc-12rcx1p_firmware:::::::: cpe:2.3:o:eaton:easy-e4-uc-16re1_firmware:::::::: cpe:2.3:h:eaton:easy-e4-uc-12rc1p:-:::::::* cpe:2.3:o:eaton:easy-e4-dc-6ae1p_firmware:::::::: cpe:2.3:o:eaton:xv100-box-e4-uc1_firmware:::::::: cpe:2.3:h:eaton:easy-e4-dc-8te1p:-:::::::* cpe:2.3:h:eaton:easy-box-e4-uc1:-:::::::* cpe:2.3:h:eaton:easy-e4-uc-16re1p:-:::::::* cpe:2.3:h:eaton:xv-102-a035tqrb-1e4:-:::::::* cpe:2.3:o:eaton:xv-102-a3-57tvrb-1e4_firmware:::::::: cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:::::::* cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:::::::* cpe:2.3:h:eaton:easy-e4-dc-12tc1p:-:::::::* cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:::::::: cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:::::::: cpe:2.3:o:eaton:easy-e4-uc-12rc1p_firmware:::::::: cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:::::::* cpe:2.3:h:eaton:easy-e4-uc-16re1:-:::::::* cpe:2.3:h:eaton:easy-e4-uc-12rcx1p:-:::::::* cpe:2.3:o:eaton:xv100-box-e4-dc1_firmware:::::::: cpe:2.3:o:eaton:easy-e4-uc-8re1p_firmware:::::::: cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:::::::: cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:::::::: cpe:2.3:h:eaton:easy-box-e4-ac1:-:::::::* cpe:2.3:h:eaton:easy-e4-dc-6ae1p:-:::::::* cpe:2.3:o:eaton:xv-102-a035tqrb-1e4_firmware:::::::: cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:::::::* cpe:2.3:h:eaton:easy-e4-dc-4pe1p:-:::::::* cpe:2.3:o:eaton:easy-e4-dc-8te1p_firmware:::::::: cpe:2.3:o:eaton:easy-e4-dc-12tcx1p_firmware:::::::: cpe:2.3:h:eaton:easy-e4-uc-8re1p:-:::::::* cpe:2.3:o:eaton:easy-e4-dc-4pe1p_firmware:::::::: cpe:2.3:h:eaton:xv100-box-e4-uc1:-:::::::* cpe:2.3:h:eaton:easy-e4-dc-12tcx1p:-:::::::* cpe:2.3:o:eaton:easy-e4-uc-16re1p_firmware:::::::: cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:::::::: cpe:2.3:h:eaton:easy-e4-dc-16te1p:-:::::::* cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:::::::: cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:::::::: cpe:2.3:o:eaton:easy-e4-dc-16te1p_firmware:::::::: cpe:2.3:h:eaton:xv100-box-e4-dc1:-:::::::*
First Time		Eaton easy-e4-ac-12rc1p Firmware Eaton xv100-box-e4-uc1 Eaton easy E4-ac-8re1p Eaton easy-e4-uc-16re1 Firmware Eaton xv-102-a035tqrb-1e4 Eaton easy-e4-dc-12tcx1p Eaton easy-e4-ac-16re1p Firmware Eaton easy-e4-dc-8te1p Eaton easy-box-e4-uc1 Eaton easy-box-e4-dc1 Eaton easy-e4-uc-12rcx1p Firmware Eaton easy-box-e4-ac1 Firmware Eaton easy-e4-ac-12rcx1p Eaton xv-102-a3-57tvrb-1e4 Eaton xv-102-a035tqrb-1e4 Firmware Eaton easy-e4-ac-12rc1p Eaton Eaton easy E4-ac-8re1p Firmware Eaton easy-e4-uc-16re1p Eaton easy-e4-uc-12rc1p Eaton easy-e4-uc-12rc1p Firmware Eaton easy-e4-uc-8re1p Eaton easy-e4-dc-4pe1p Firmware Eaton xv-102-a3-57tvrb-1e4 Firmware Eaton easy-e4-uc-12rcx1p Eaton easy-box-e4-uc1 Firmware Eaton easy-e4-dc-12tcx1p Firmware Eaton easy-e4-ac-16re1p Eaton easy-e4-dc-4pe1p Eaton easy-e4-ac-12rcx1p Firmware Eaton easy-e4-dc-16te1p Eaton easy-e4-dc-8te1p Firmware Eaton xv100-box-e4-dc1 Firmware Eaton easy-e4-uc-8re1p Firmware Eaton easy-e4-uc-16re1p Firmware Eaton easy-box-e4-ac1 Eaton easy-e4-uc-16re1 Eaton xv100-box-e4-uc1 Firmware Eaton easy-e4-dc-6ae1p Eaton easy-e4-dc-12tc1p Firmware Eaton xv100-box-e4-dc1 Eaton easy-box-e4-dc1 Firmware Eaton easy-e4-dc-16te1p Firmware Eaton easy-e4-dc-6ae1p Firmware Eaton easy-e4-dc-12tc1p

17 Oct 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-17 13:15

Updated : 2024-11-21 08:24

NVD link : CVE-2023-43776

Mitre link : CVE-2023-43776

CVE.ORG link : CVE-2023-43776

JSON object : View

Products Affected

eaton

easy-e4-ac-16re1p
easy-e4-dc-12tc1p
xv100-box-e4-dc1_firmware
easy-e4-uc-16re1p_firmware
easy-box-e4-ac1
xv100-box-e4-dc1
easy_e4-ac-8re1p
easy-box-e4-uc1
easy-box-e4-dc1
easy-e4-uc-16re1
easy-e4-uc-12rc1p_firmware
easy-e4-uc-12rcx1p_firmware
easy-e4-dc-6ae1p_firmware
easy-e4-dc-12tcx1p_firmware
xv100-box-e4-uc1_firmware
xv-102-a035tqrb-1e4_firmware
easy-e4-uc-16re1_firmware
xv-102-a035tqrb-1e4
easy-e4-uc-12rcx1p
easy-e4-dc-12tcx1p
xv-102-a3-57tvrb-1e4_firmware
easy-e4-dc-8te1p
easy-e4-ac-12rcx1p
easy-e4-uc-16re1p
easy-e4-dc-4pe1p_firmware
easy-e4-uc-12rc1p
easy_e4-ac-8re1p_firmware
easy-box-e4-dc1_firmware
easy-e4-dc-4pe1p
easy-e4-dc-6ae1p
easy-e4-uc-8re1p
easy-box-e4-ac1_firmware
xv-102-a3-57tvrb-1e4
easy-e4-ac-12rc1p_firmware
easy-e4-dc-16te1p
easy-e4-dc-12tc1p_firmware
easy-e4-ac-12rcx1p_firmware
easy-e4-dc-8te1p_firmware
easy-e4-uc-8re1p_firmware
easy-e4-dc-16te1p_firmware
xv100-box-e4-uc1
easy-box-e4-uc1_firmware
easy-e4-ac-16re1p_firmware
easy-e4-ac-12rc1p

CWE

CWE-261

Weak Encoding for Password

CWE-326

Inadequate Encryption Strength

6.8 /10