CVE-2026-22614
Summary
| CVE | CVE-2026-22614 |
|---|---|
| State | PUBLISHED |
| Assigner | Eaton |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-10 18:18:12 UTC |
| Updated | 2026-05-21 13:07:15 UTC |
| Description | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre. |
Risk And Classification
Primary CVSS: v3.1 6.1 MEDIUM from [email protected]
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.000100000 probability, percentile 0.013040000 (date 2026-05-27)
Problem Types: CWE-257 | CWE-257 CWE-257 Storing passwords in a recoverable format
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
| 3.1 | CNA | CVSS | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
LowAvailability
NoneCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/securit... | [email protected] | www.eaton.com | Vendor Advisory, Mitigation |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.