CVE-2024-57811 Information

Description

In Eaton X303 3.5.16 - X303 3.5.17 Build 712 an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.

Reference

https://github.com/google/security-research/security/advisories/GHSA-xf7j-4x67-6h93