CVE-2026-22614

Analyzed Analyzed - Analysis Complete

Insecure Encryption in Eaton EasySoft Enables Data Tampering

Publication date: 2026-03-10

Last updated on: 2026-05-21

Assigner: Eaton

Description

The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-10

Last Modified

2026-05-21

Generated

2026-06-16

AI Q&A

2026-03-10

EPSS Evaluated

2026-06-15

NVD

CVE-2026-22614

EUVD

EUVD-2026-10490

Affected Vendors & Products

Vendor	Product	Version / Range
eaton	easysoft	to 8.41 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-257	The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

CWE ID

Description

CWE-257

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

Attack-Flow Graph

Executive Summary

The vulnerability involves an insecure encryption mechanism used in Eaton's EasySoft project file. This weak encryption is susceptible to brute force attacks, meaning an attacker who has access to the project file and the local host machine could potentially decrypt and read sensitive information stored within the file.

Additionally, the attacker could tamper with the project file, potentially altering its contents maliciously.

This issue has been addressed and fixed in the latest version of Eaton EasySoft.

Impact Analysis

If exploited, this vulnerability could allow an attacker with local access to read sensitive information stored in the EasySoft project file.

The attacker could also tamper with the project file, potentially causing unauthorized changes that might affect system behavior or integrity.

Such unauthorized access and modification could lead to data breaches, operational disruptions, or compromise of system security.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, update Eaton EasySoft to the latest version available on the Eaton download centre where the security issue has been fixed.

Hi! I’m here to help you understand CVE-2026-22614. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-22614

Insecure Encryption in Eaton EasySoft Enables Data Tampering

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart