CVE-2024-57811
Published: 13 January 2025
Description
In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to an XC-303 PLC can log in as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.
Security Summary
CVE-2024-57811 is a use of hardcoded credentials vulnerability (CWE-798) affecting Eaton X303 firmware versions 3.5.16 through 3.5.17 Build 712 on XC-303 PLC devices. The issue stems from a hardcoded root password embedded in the firmware, enabling unauthorized root access via SSH. These versions are no longer supported by Eaton, leaving affected systems without vendor-backed updates.
An unauthenticated attacker with network access to the vulnerable XC-303 PLC can exploit this flaw with low attack complexity and no user interaction (CVSS v3.1 base score 9.1, vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H). Successful exploitation grants full root privileges over SSH, allowing the attacker to execute arbitrary commands, modify critical configurations, disrupt device operations, or potentially pivot to other networked industrial control systems.
The primary advisory is documented by Google Security Research at GHSA-xf7j-4x67-6h93. No patches are available, as the affected firmware versions are end-of-support; organizations should isolate exposed XC-303 PLCs from untrusted networks, monitor SSH traffic for suspicious logins, and consider decommissioning or replacing unsupported devices.
Details
- CWE(s)