Eaton easy Password Hacking // Password Recovery for easySoft and easyE4 PLC (fixed security issues)

In this PoC video, two security issues concerning the password protection of the Eaton easyE4 programmable logic controller (PLC) and the corresponding software easySoft are demonstrated.
Both demonstrated security vulnerabilities have been fixed in newer soft- and firmware releases.
The two security vulnerabilities SYSS-2023-007 (CVE-2023-43777) and SYSS-2023-008 (CVE-2023-43776) have been found by the SySS IT security expert Manuel Stotz, and have been reported to Eaton according to our SySS Responsible Disclosure Program.
The developed software tool used in this video will be available on our SySS GitHub when more affected users have applied the corresponding patches.
[1] SySS Security Advisory SYSS-2023-007
www.syss.de/fileadmin/dokumen...
[2] CVE-2023-43777
nvd.nist.gov/vuln/detail/CVE-...
[3] SySS Security Advisory SYSS-2023-008
www.syss.de/fileadmin/dokumen...
[4] CVE-2023-43776
nvd.nist.gov/vuln/detail/CVE-...
[5] SySS Research GitHub
github.com/SySS-Research/easy...
[6] Eaton Vulnerability Advisory ETN-VA-2023-1010
www.eaton.com/content/dam/eat...
[7] Eaton Vulnerability Advisory ETN-VA-2023-1011
www.eaton.com/content/dam/eat...
#plc #password #hacking

Пікірлер: 6

  • @PIDOtomasyon
    @PIDOtomasyon3 ай бұрын

    project not found. Deleted

  • @SySSPentestTV

    @SySSPentestTV

    3 ай бұрын

    If you are referring to the GitHub repository of our developed password recovery tool, this will stay private for some more time until more affected users have applied the corresponding security updates.

  • @PIDOtomasyon

    @PIDOtomasyon

    3 ай бұрын

    ​@@SySSPentestTV Which version of Eaton is affected?

  • @PIDOtomasyon

    @PIDOtomasyon

    3 ай бұрын

    @@SySSPentestTV I need to test my plcs. So can you share it in PM message?

  • @SySSPentestTV

    @SySSPentestTV

    3 ай бұрын

    @@PIDOtomasyon According to Eaton all easySoft software versions prior to V8.01 and all easyE4 versions prior to 2.02 are affected by the demonstrated security issues. Also see the corresponding Eaton vulnerability advisories: www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf and www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1011.pdf .

  • @PIDOtomasyon

    @PIDOtomasyon

    3 ай бұрын

    @@SySSPentestTV Thank you for information.

Келесі