CVE-2026-22614
Insecure Encryption in Eaton EasySoft Enables Data Tampering
Publication date: 2026-03-10
Last updated on: 2026-03-10
Assigner: Eaton
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| eaton | easysoft | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-257 | The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability involves an insecure encryption mechanism used in Eaton's EasySoft project file. This weak encryption is susceptible to brute force attacks, meaning an attacker who has access to the project file and the local host machine could potentially decrypt and read sensitive information stored within the file.
Additionally, the attacker could tamper with the project file, potentially altering its contents maliciously.
This issue has been addressed and fixed in the latest version of Eaton EasySoft.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with local access to read sensitive information stored in the EasySoft project file.
The attacker could also tamper with the project file, potentially causing unauthorized changes that might affect system behavior or integrity.
Such unauthorized access and modification could lead to data breaches, operational disruptions, or compromise of system security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Eaton EasySoft to the latest version available on the Eaton download centre where the security issue has been fixed.