CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43777 – Insecure storage of password in easySoft
https://notcve.org/view.php?id=CVE-2023-43777
17 Oct 2023 — Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. El software Eaton easySoft se utiliza para programar controladores y pantallas fáciles para configurar, programar y definir parámetros para todos los relés in... • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1011.pdf • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6656 – File parsing Type Confusion Remote code execution vulerability
https://notcve.org/view.php?id=CVE-2020-6656
07 Jan 2021 — Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user upload a malformed .E70 file in the application. The vulnerability arises due to improper validation of user data supplied through E70 file which is causing Type Confusion. El software easySoft de Eaton versiones v7.xx y anteriores a la v7.22 es susceptible a la vulnerabilidad de ejecu... • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03 • CWE-20: Improper Input Validation CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6655 – File parsing Out-Of-Bounds read remote code execution
https://notcve.org/view.php?id=CVE-2020-6655
07 Jan 2021 — The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. A malicious entity can execute a malicious code or make the application crash by tricking user to upload the malformed .E70 file in the application. The vulnerability arises due to improper validation and parsing of the E70 file content by the application. El software easySoft de Eaton versión v7.xx y anterior a la v7.22 es susceptible a la vulnerabilidad de ejecución remota de código fue... • https://us-cert.cisa.gov/ics/advisories/icsa-21-007-03 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •