PT-2024-2808 · Schneider Electric · EcoStruxure Control Expert +1

Published: 2024-02-13 · Updated: 2024-12-11 · CVE-2023-6409

CVSS v3.1: 7.7 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

EcoStruxure Control Expert (affected versions not specified)
EcoStruxure Process Expert (affected versions not specified)

Description

A Use of Hard-coded Credentials issue exists that could cause unauthorized access to a project file protected with an application password when opening the file with EcoStruxure Control Expert. This issue is related to the use of hard-coded credentials in the programming software for PLCs (Programmable Logic Controllers) EcoStruxure Control Expert and EcoStruxure Process Expert. Exploitation of this issue may allow an attacker to gain unauthorized access to a project file.

Recommendations

For EcoStruxure Control Expert, consider disabling the use of hard-coded credentials as a temporary workaround until a patch is available. For EcoStruxure Process Expert, restrict access to project files protected with application passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2024-02949
CVE-2023-6409

Affected Products

EcoStruxure Control Expert
EcoStruxure Process Expert