Eaton easy Password Hacking // Password Recovery for easySoft and easyE4 PLC (fixed security issues)

In this PoC video, two security issues concerning the password protection of the Eaton easyE4 programmable logic controller (PLC) and the corresponding software easySoft are demonstrated.

Both demonstrated security vulnerabilities have been fixed in newer software and firmware releases.

The two security vulnerabilities, SYSS-2023-007 (CVE-2023-43777) and SYSS-2023-008 (CVE-2023-43776), were found by SySS IT security expert Manuel Stotz and were reported to Eaton in accordance with our SySS Responsible Disclosure Program.

The developed software tool used in this video will be available on our SySS GitHub when more affected users have applied the corresponding patches.

[1] SySS Security Advisory SYSS-2023-007
https://www.syss.de/fileadmin/dokumen...

[2] CVE-2023-43777
https://nvd.nist.gov/vuln/detail/CVE-...

[3] SySS Security Advisory SYSS-2023-008
https://www.syss.de/fileadmin/dokumen...

[4] CVE-2023-43776
https://nvd.nist.gov/vuln/detail/CVE-...

[5] SySS Research GitHub
https://github.com/SySS-Research/easy...

[6] Eaton Vulnerability Advisory ETN-VA-2023-1010
https://www.eaton.com/content/dam/eat...

[7] Eaton Vulnerability Advisory ETN-VA-2023-1011
https://www.eaton.com/content/dam/eat...

#plc #password #hacking
