VYPR

Intelligent Power Protector

by Eaton

CVEs (7)

  • CVE-2026-22619HigApr 16, 2026
    risk 0.51cvss 7.8epss 0.00

    Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software…

  • CVE-2026-22616MedApr 16, 2026
    risk 0.42cvss 6.5epss 0.00

    Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton…

  • CVE-2026-22615MedApr 16, 2026
    risk 0.39cvss 6.0epss 0.00

    Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed…

  • CVE-2026-22618MedApr 16, 2026
    risk 0.38cvss 5.9epss 0.00

    A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP…

  • CVE-2026-22617MedApr 16, 2026
    risk 0.37cvss 5.7epss 0.00

    Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP…

  • CVE-2021-23283Apr 19, 2022
    risk 0.00cvss epss 0.01

    Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.

  • CVE-2021-23288Apr 1, 2022
    risk 0.00cvss epss 0.00

    The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions…