CVE-2024-57811

The software that is vulnerable is the Eaton X303, specifically versions 3.5.16 to 3.5.17 Build 712. The vulnerability is a hardcoded root password in the firmware, which allows an attacker with network access to a XC-303 PLC to login as root over SSH. It's worth noting that this vulnerability appears in versions that are no longer supported by Eaton. There is a public reference to this vulnerability, but it does not specify whether it has been exploited by attackers or if there is a public exploit available. The vulnerability can be exploited by attackers who have network access to the XC-303 PLC. #EatonX303 #CVE202457811 #HardcodedRootPassword #XC303PLC #SSHAccess #Eaton #Vulnerability #PLC #SSH #RootAccess