CVE-2023-43776

{"id": "CVE-2023-43776", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2023-10-17T13:15:11.750", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "CybersecurityCOE@eaton.com"}, {"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "CybersecurityCOE@eaton.com", "description": [{"lang": "en", "value": "CWE-261"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."}, {"lang": "es", "value": "Eaton easyE4 PLC ofrece una funcionalidad de protecci\u00f3n con contrase\u00f1a del dispositivo para facilitar una conexi\u00f3n segura y evitar el acceso no autorizado. Se observ\u00f3 que la contrase\u00f1a del dispositivo se almacen\u00f3 con un algoritmo de codificaci\u00f3n d\u00e9bil en el archivo del programa easyE4 cuando se export\u00f3 a la tarjeta SD (final de archivo *.PRG)."}], "lastModified": "2024-11-21T08:24:45.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5BBDB77-0A3E-469B-B76D-8EC19B302DF8", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-box-e4-ac1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8206719B-D602-4085-8936-A764C8C8400D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A3817C5-D716-41B2-A9C4-E43B6A214F7E", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-box-e4-dc1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "75CD25E6-E3DF-411D-A47D-8B00F46863BF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64743A8-383F-47DA-AADA-93F97A40EC97", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-box-e4-uc1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09C357B2-009E-4302-B7E4-D0A3843FB87A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1557C4B-5FE7-4679-8EC7-229159BF87E0", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFD509FB-5AEC-4FC5-980C-A7F10C283068"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C824881-E4E5-4937-B35B-99DD0D3106A7", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2FC53F4-065C-44AB-802D-A379F2F310DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD7B996D-B682-4541-A48E-E7250BC372FB", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A1AD643-3CE2-4E48-A782-49EFCF032658"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EFB9F56-3BEC-44C2-A99F-DC69648D25FE", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40B64BF7-0DB6-494C-8CB9-6026E85E6B82"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "700AD35D-FF04-4AAE-8A33-1C34761818B1", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tc1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B786B47D-BDE2-405F-BB0D-4D665769AEF8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tcx1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F33FE20-0D6B-4ACA-81CB-6FC343D41D7E", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tcx1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B85AA28F-9316-4C83-846D-6061F2C635A9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-dc-16te1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA15EBFB-11CC-4758-A64A-9157F505D464", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-dc-16te1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "937463C0-CE8A-44E8-A270-511D239D9AE5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-dc-4pe1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "298AE4F1-FF3B-4D0E-8278-F2DBAA3FCD3D", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-dc-4pe1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "48D501EE-3A96-4503-8F26-C84CC4C66DD2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-dc-6ae1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58501BCB-F11B-4734-92A9-5745979212BE", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-dc-6ae1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68B9AB6C-A483-426C-B6A4-2D5935606FFE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-dc-8te1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE9EB77-1EF2-4CAB-A131-F8919ED82FBB", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-dc-8te1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F8015DCE-6C8C-4DAE-95F4-82D661305788"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rc1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4671E23E-8104-449B-B1E2-D0F9B61D48B2", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rc1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDB7DAF7-3AD5-4F7B-9F10-699BFED9070D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rcx1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE075495-E6B4-428C-BCD6-FE5A9A3A45BA", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rcx1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D06C9DD3-7E47-4151-8F26-321F0349796F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC7853B-16AE-4F1B-AEE7-0652A4F45B1C", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FCA1EC8B-8ED6-48A7-9928-3AB39C0A97BE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2EB8D62-5B36-45F6-AA07-FF23A2A82126", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87D7ACFC-9057-4E1A-AFA6-86C52501EB7D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:easy-e4-uc-8re1p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44CF72BE-1470-4FA3-B0B9-1C2104B2574C", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:easy-e4-uc-8re1p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDC6E077-EC3C-4731-9121-A398946B6B30"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:xv-102-a035tqrb-1e4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C66C13D9-6D90-4076-B05B-1658958FD8EB", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:xv-102-a035tqrb-1e4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "034E43AF-EF91-4C67-9040-939822748250"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:xv-102-a3-57tvrb-1e4_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "286C4664-5450-4F2D-81F1-A76B034136A6", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:xv-102-a3-57tvrb-1e4:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B5B35A76-958F-4B5A-BC96-E2F1A17D11FE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:xv100-box-e4-dc1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3585D6D-4786-4C25-A878-D453CFD0AA59", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:xv100-box-e4-dc1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC9E5C72-66BF-49D3-A95D-07D226B95787"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:eaton:xv100-box-e4-uc1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AFCCDCF-377D-49B0-BD03-BDE286A50622", "versionEndExcluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:eaton:xv100-box-e4-uc1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "740AD1F6-E59F-4343-AFB1-B8CB75543F62"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "CybersecurityCOE@eaton.com"}