{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22614", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2026-01-08T04:55:11.728Z", "datePublished": "2026-03-10T10:24:35.909Z", "dateUpdated": "2026-03-10T13:49:27.224Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2026-03-10T10:24:35.909Z"}, "datePublic": "2026-03-10T10:06:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-257", "description": "CWE-257 Storing passwords in a recoverable format", "type": "CWE"}]}], "affected": [{"vendor": "Eaton", "product": "EasySoft", "versions": [{"status": "affected", "version": "0", "lessThan": "8.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The encryption mechanism used in Eaton's EasySoft project file was\u00a0insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre."}]}], "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1023.pdf"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T13:49:20.151718Z", "id": "CVE-2026-22614", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:49:27.224Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22614", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T13:49:20.151718Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:49:23.470Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eaton", "product": "EasySoft", "versions": [{"status": "affected", "version": "0", "lessThan": "8.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-10T10:06:00.000Z", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1023.pdf"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "The encryption mechanism used in Eaton's EasySoft project file was\u00a0insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.", "supportingMedia": [{"type": "text/html", "value": "The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-257", "description": "CWE-257 Storing passwords in a recoverable format"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2026-03-10T10:24:35.909Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22614", "state": "PUBLISHED", "dateUpdated": "2026-03-10T13:49:27.224Z", "dateReserved": "2026-01-08T04:55:11.728Z", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "datePublished": "2026-03-10T10:24:35.909Z", "assignerShortName": "Eaton"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eaton:easysoft:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7E5837B-5467-425F-A826-7FDAA54B79A7", "versionEndExcluding": "8.41", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The encryption mechanism used in Eaton's EasySoft project file was\u00a0insecure and susceptible to brute force attacks, an attacker with access to this file and the local host\nmachine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre."}, {"lang": "es", "value": "El mecanismo de cifrado utilizado en el archivo de proyecto EasySoft de Eaton era inseguro y susceptible a ataques de fuerza bruta, un atacante con acceso a este archivo y la m\u00e1quina anfitriona local podr\u00eda potencialmente leer la informaci\u00f3n sensible almacenada y manipular el archivo de proyecto. Este problema de seguridad ha sido solucionado en la \u00faltima versi\u00f3n de Eaton EasySoft, que est\u00e1 disponible en el centro de descargas de Eaton."}], "id": "CVE-2026-22614", "lastModified": "2026-05-21T13:07:15.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}, "published": "2026-03-10T18:18:12.420", "references": [{"source": "CybersecurityCOE@eaton.com", "tags": ["Vendor Advisory", "Mitigation"], "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1023.pdf"}], "sourceIdentifier": "CybersecurityCOE@eaton.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-257"}], "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "EasySoft", "source": "cna", "vendor": "Eaton"}, "product": "easysoft", "vendor": "eaton"}], "analysis": {"en": {"generated_at": "2026-04-17T11:46:25.353788+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest version of Eaton EasySoft from Eaton's download centre, which contains the repair", "Apply file system permissions restricting access to the EasySoft project files to authorized users only, limiting local-host access", "Audit existing project files for sensitive data and either encrypt them with a strong algorithm or delete unnecessary files"], "summary": {"action": "Update Software", "impact": "Sensitive information disclosure via insecure encryption in Eaton EasySoft project files"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of Eaton EasySoft, the vendor product in the IEC. No specific version ranges are listed, however the advisory states that the issue has been fixed in the latest release available from Eaton's download centre.", "description_and_impact": "The vulnerability stems from an insecure encryption mechanism applied to the project files of Eaton EasySoft. An attacker who can access the file on the local host could brute\u2011force the encryption, revealing any sensitive data stored within and potentially modifying the file. The weakness maps to CWE\u2011257, indicating credentials or secrets are stored in a hard\u2011coded or weakly encrypted form.", "risk_and_exploitability": "The CVSS score of 6.1 classifies the risk as medium; the EPSS score is below 1%, indicating a low likelihood of exploitation at present. The vulnerability is not listed in the KEV catalog, yet its local\u2011host attack surface and potential to disclose sensitive information warrant timely remediation. The exploit would require the attacker to obtain local file access and then persist through a brute\u2011force attempt against the encryption."}}}}, "created": "2026-03-11T11:50:19.704627+00:00", "title": "Insecure Encryption in Eaton EasySoft Project Files Leading to Brute Force Attack Vulnerability", "updated": "2026-04-17T12:00:11.718947+00:00", "vendors": ["eaton", "eaton$PRODUCT$easysoft"]}