Vendor
Eaton
Products
9
CVEs
9
Across products
28
Status
Private
Products
9- 12 CVEs
- 5 CVEs
- 5 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22619 | Hig | 0.51 | 7.8 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center. | |
| CVE-2016-4512 | Hig | 0.48 | 7.3 | 0.06 | Jul 3, 2016 | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | |
| CVE-2026-22616 | Med | 0.42 | 6.5 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre. | |
| CVE-2026-22615 | Med | 0.39 | 6.0 | 0.00 | Apr 16, 2026 | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | |
| CVE-2026-22618 | Med | 0.38 | 5.9 | 0.00 | Apr 16, 2026 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | |
| CVE-2026-22617 | Med | 0.37 | 5.7 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | |
| CVE-2016-9357 | Med | 0.35 | 5.3 | 0.02 | Feb 13, 2017 | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). | |
| CVE-2008-6816 | 0.01 | — | 0.11 | May 28, 2009 | Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | ||
| CVE-2014-9196 | 0.00 | — | 0.02 | Jul 20, 2015 | Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. |