easyE4 中的弱编码漏洞 (CVE-2023-43776)
CVE编号
CVE-2023-43776利用情况
暂无补丁情况
N/A披露时间
2023-10-17漏洞描述
易能(Eaton)easyE4 PLC 提供了设备密码保护功能,用于促进安全连接并防止未经授权的访问。观察到当easyE4程序文件导出到SD卡(以*.PRG文件结尾)时,设备密码以弱编码算法存储。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/s... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-box-e4-ac1_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-box-e4-dc1_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-box-e4-uc1_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-ac-12rc1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-ac-12rcx1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-ac-16re1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-dc-12tc1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-dc-12tcx1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-dc-16te1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-dc-4pe1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-dc-6ae1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-dc-8te1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-uc-12rc1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-uc-12rcx1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-uc-16re1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-uc-16re1_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy-e4-uc-8re1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | easy_e4-ac-8re1p_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | xv-102-a035tqrb-1e4_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | xv-102-a3-57tvrb-1e4_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | xv100-box-e4-dc1_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 系统 | eaton | xv100-box-e4-uc1_firmware | * | Up to (excluding) 2.02 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-box-e4-ac1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-box-e4-dc1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-box-e4-uc1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-ac-12rc1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-ac-12rcx1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-ac-16re1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-dc-12tc1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-dc-12tcx1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-dc-16te1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-dc-4pe1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-dc-6ae1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-dc-8te1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-uc-12rc1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-uc-12rcx1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-uc-16re1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-uc-16re1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy-e4-uc-8re1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | easy_e4-ac-8re1p | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | xv-102-a035tqrb-1e4 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | xv-102-a3-57tvrb-1e4 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | xv100-box-e4-dc1 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | eaton | xv100-box-e4-uc1 | - | - | |||||
- 攻击路径 物理
- 攻击复杂度 高
- 权限要求 高
- 影响范围 已更改
- 用户交互 需要
- 可用性 高
- 保密性 高
- 完整性 高
| CWE-ID | 漏洞类型 |
| CWE-326 | 不充分的加密强度 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论