Summary
This document is an Eaton Vulnerability Advisory detailing a critical security vulnerability identified in the XC-303 PLC. The vulnerability, discovered during an internal cybersecurity assessment, allows attackers to gain SSH access over the network if exploited. The advisory specifies that all versions of the Eaton XC-303 PLC prior to firmware version 3.5.16 are affected. Eaton has remediated the issue by releasing a patched version, and users are urged to upgrade to the latest firmware immediately. The advisory also includes general security best practices, such as restricting exposure to external networks, deploying control system networks behind barrier devices, and enabling audit logs. Additionally, it emphasizes the importance of regular software updates and performing security assessments. The document serves to inform customers about the vulnerability and the necessary actions to enhance their cybersecurity posture.
