Eaton Vulnerability Advisory for easyE4 Product

This document is a vulnerability advisory issued by Eaton regarding the easyE4 product, an electronic nano programmable logic controller. The advisory details a security vulnerability identified as CVE-2023-43776, which has a CVSS v3.1 base score of 6.8, indicating a medium level of risk. The vulnerability arises from the weak encoding algorithm used for storing device passwords in the easyE4 program files when exported. The advisory specifies that all versions prior to 2.02 are affected and recommends immediate upgrades for users with hardware version 08. Additionally, it outlines general security best practices for users of easyE4 devices, including restricting physical access to program files, deploying secure network practices, and regularly updating software. The document also acknowledges the contributions of researchers who identified the vulnerabilities and provides contact information for further assistance and resources related to cybersecurity best practices.