CVE-2023-43776

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Published Oct 17, 2023

Updated: Oct 25, 2023

CWE ID 326

CWE ID 261

Summary

CVE-2023-43776 is a vulnerability affecting Eaton's easyE4 PLC. The device includes a password protection feature to ensure secure connections, but the password is stored with a weak encoding algorithm in the exported PRG files on SD cards. This could potentially allow unauthorized access if an attacker obtains the PRG file. The vulnerability poses a risk of compromising the security of industrial systems using the affected PLC. Users are advised to update their systems or take other measures to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/swfWaT
https://www.cve.org/CVERecord?id=CVE-2023-43776
https://nvd.nist.gov/vuln/detail/CVE-2023-43776

Back to Vulnerability Database

CVE-2023-43776

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations