VYPR

Vendor: Eaton

Products: 37
CVEs: 75
Across products: 75
Status: Private

Recent CVEs

  • CVE-2018-16158 | Critical | Aug 30, 2018
    risk 0.69 | CVSS 9.8 | EPSS 0.35

    Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the…

  • CVE-2018-12031 | Critical | Jun 7, 2018
    risk 0.65 | CVSS 9.8 | EPSS 0.17

    Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

  • CVE-2025-64310 | Critical | Nov 21, 2025
    risk 0.64 | CVSS 9.8 | EPSS 0.00

    EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.

  • CVE-2018-8847 | Critical | Jul 13, 2018
    risk 0.64 | CVSS 9.8 | EPSS 0.07

    Eaton 9000X DriveA versions 2.0.29 and prior have a stack-based buffer overflow vulnerability, which may allow remote code execution.

  • CVE-2024-57811 | Critical | Jan 13, 2025
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.

  • CVE-2025-59889 | High | Oct 14, 2025
    risk 0.56 | CVSS 8.6 | EPSS 0.00

    Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download…

  • CVE-2025-22495 | High | Feb 24, 2025
    risk 0.55 | CVSS 8.4 | EPSS 0.00

    An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version…

  • CVE-2025-48396 | High | Nov 3, 2025
    risk 0.54 | CVSS 8.3 | EPSS 0.00

    Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of Eaton BLSS (7.3.0.SCP004).

  • CVE-2026-22619 | High | Apr 16, 2026
    risk 0.51 | CVSS 7.8 | EPSS 0.00

    Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software…

  • CVE-2016-9368 | High | Mar 14, 2017
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.

  • CVE-2016-2272 | High | Apr 6, 2016
    risk 0.49 | CVSS 7.5 | EPSS 0.01

    Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.

  • CVE-2016-0871 | High | Apr 6, 2016
    risk 0.49 | CVSS 7.5 | EPSS 0.02

    Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.

  • CVE-2016-4512 | High | Jul 3, 2016
    risk 0.48 | CVSS 7.3 | EPSS 0.04

    Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.

  • CVE-2025-59890 | High | Nov 27, 2025
    risk 0.47 | CVSS 7.3 | EPSS 0.00

    Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows path traversal, which could allow an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of…

  • CVE-2025-48397 | High | Nov 3, 2025
    risk 0.46 | CVSS 7.1 | EPSS 0.00

    The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of Eaton BLSS (7.3.0.SCP004).

  • CVE-2025-22491 | Medium | Feb 28, 2025
    risk 0.44 | CVSS 6.7 | EPSS 0.00

    User input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest…

  • CVE-2022-33862 | Medium | Nov 25, 2024
    risk 0.44 | CVSS 6.7 | EPSS 0.00

    IPP software prior to v1.71 is affected by a default credential vulnerability. This could lead attackers to identify and access vulnerable systems.

  • CVE-2026-22616 | Medium | Apr 16, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton…

  • CVE-2026-22614 | Medium | Mar 10, 2026
    risk 0.40 | CVSS 6.1 | EPSS 0.00

    The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks; an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This…

  • CVE-2026-22615 | Medium | Apr 16, 2026
    risk 0.39 | CVSS 6.0 | EPSS 0.00

    Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed…