Description
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks. An attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft, which is available on the Eaton download centre.
Published: 2026-03-10
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive information disclosure via insecure encryption in Eaton EasySoft project files
Action: Update Software
AI Analysis

Impact

The vulnerability stems from an insecure encryption mechanism applied to the project files of Eaton EasySoft. An attacker who can access the file on the local host could brute‑force the encryption, revealing any sensitive data stored within and potentially modifying the file. The weakness maps to CWE‑257, indicating credentials or secrets are stored in a hard‑coded or weakly encrypted form.

Affected Systems

Affected systems are installations of Eaton EasySoft, the vendor product in the IEC. No specific version ranges are listed; however, the advisory states that the issue has been fixed in the latest release available from Eaton's download centre.

Risk and Exploitability

The CVSS score of 6.1 classifies the risk as medium; the EPSS score is below 1%, indicating a low likelihood of exploitation at present. The vulnerability is not listed in the KEV catalog, yet its local‑host attack surface and potential to disclose sensitive information warrant timely remediation. Exploitation would require the attacker to obtain local file access and then carry out a brute‑force attempt against the encryption.

Generated by OpenCVE AI on April 17, 2026 at 11:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of Eaton EasySoft from Eaton's download centre, which contains the fix
  • Apply file system permissions restricting access to the EasySoft project files to authorized users only, limiting local-host access
  • Audit existing project files for sensitive data and either encrypt them with a strong algorithm or delete unnecessary files

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 12:15:00 +0000

Type | Values Removed | Values Added
Title | | Insecure Encryption in Eaton EasySoft Project Files Leading to Brute Force Attack Vulnerability

Wed, 11 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Eaton; Eaton easysoft
Vendors & Products | | Eaton; Eaton easysoft

Tue, 10 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 10:45:00 +0000

Type | Values Removed | Values Added
Description | | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks. An attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft, which is available on the Eaton download centre.
Weaknesses | | CWE-257
References | |
Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Eaton

Published:

Updated: 2026-03-10T13:49:27.224Z

Reserved: 2026-01-08T04:55:11.728Z

Link: CVE-2026-22614

Vulnrichment

Updated: 2026-03-10T13:49:23.470Z

NVD

Status: Awaiting Analysis

Published: 2026-03-10T18:18:12.420

Modified: 2026-03-11T13:53:47.157

Link: CVE-2026-22614

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T12:00:11Z

Weaknesses