OTPulse
FeedAboutContact

Eaton EASYsoft (Update A)

Monitor5.8ICS-CERT ICSA-21-007-03Jan 7, 2021
Attack VectorLocal
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary

Eaton EASYsoft versions 7.20 and earlier contain type confusion (CWE-843) and out-of-bounds read (CWE-125) vulnerabilities in .E70 project file handling. A local attacker could exploit these flaws by uploading a specially crafted .E70 file to modify program behavior or crash the application. Eaton has released version 7.22 as a fix. High skill is required for exploitation and these vulnerabilities are not remotely exploitable.

What this means
What could happen
A local attacker with physical access to a workstation running EASYsoft could modify program behavior or crash the application by uploading a malicious .E70 project file, disrupting engineering activities and potentially preventing changes to control logic.
Who's at risk
This affects organizations using Eaton EASYsoft for programming and configuring control devices. Any facility with engineering workstations running EASYsoft version 7.20 or earlier (water utilities, electric utilities, manufacturing plants) should ensure workstation access is restricted and update to version 7.22.
How it could be exploited
An attacker with local access to a workstation running EASYsoft could craft a malicious .E70 configuration file and upload it through the application. The vulnerability in file handling (CWE-843 type confusion, CWE-125 out-of-bounds read) could be triggered during parsing, allowing the attacker to execute code or crash the application.
Prerequisites
  • Local access to the workstation running EASYsoft
  • Ability to upload or interact with .E70 files through the EASYsoft application
  • EASYsoft version 7.20 or earlier
High skill required to exploitLocal access onlyNo known public exploitsNo patch available for version 7.20 and earlier
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
ProductAffected VersionsFix Status
EASYsoft:≤ 7.207.22
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDOnly upload .E70 configuration files from trusted sources and trusted personnel
WORKAROUNDIf the application crashes after .E70 file upload, restart the application and do not attempt to re-upload the same file
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EASYsoft to version 7.22 or later
Long-term hardening
0/1
HARDENINGRestrict physical access to workstations running EASYsoft to authorized engineering personnel
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/f2f8addf-4c9e-4032-9929-b6e13a097109
Eaton EASYsoft (Update A) | CVSS 5.8 - OTPulse