Eaton
Products
37- 14 CVEs
- 7 CVEs
- 6 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- View all 37 products →
Recent CVEs
75| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16158 | Cri | 0.69 | 9.8 | 0.35 | Aug 30, 2018 | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the… | ||
| CVE-2018-12031 | Cri | 0.65 | 9.8 | 0.17 | Jun 7, 2018 | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | ||
| CVE-2025-64310 | Cri | 0.64 | 9.8 | 0.00 | Nov 21, 2025 | EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack. | ||
| CVE-2018-8847 | Cri | 0.64 | 9.8 | 0.07 | Jul 13, 2018 | Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. | ||
| CVE-2024-57811 | Cri | 0.59 | 9.1 | 0.00 | Jan 13, 2025 | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. | ||
| CVE-2025-59889 | Hig | 0.56 | 8.6 | 0.00 | Oct 14, 2025 | Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download… | ||
| CVE-2025-22495 | Hig | 0.55 | 8.4 | 0.00 | Feb 24, 2025 | An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version… | ||
| CVE-2025-48396 | Hig | 0.54 | 8.3 | 0.00 | Nov 3, 2025 | Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004). | ||
| CVE-2026-22619 | Hig | 0.51 | 7.8 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software… | ||
| CVE-2016-9368 | Hig | 0.49 | 7.5 | 0.01 | Mar 14, 2017 | An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | ||
| CVE-2016-2272 | Hig | 0.49 | 7.5 | 0.01 | Apr 6, 2016 | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | ||
| CVE-2016-0871 | Hig | 0.49 | 7.5 | 0.02 | Apr 6, 2016 | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | ||
| CVE-2016-4512 | Hig | 0.48 | 7.3 | 0.04 | Jul 3, 2016 | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | ||
| CVE-2025-59890 | Hig | 0.47 | 7.3 | 0.00 | Nov 27, 2025 | Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of… | ||
| CVE-2025-48397 | Hig | 0.46 | 7.1 | 0.00 | Nov 3, 2025 | The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004). | ||
| CVE-2025-22491 | Med | 0.44 | 6.7 | 0.00 | Feb 28, 2025 | The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software (FRS) application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest… | ||
| CVE-2022-33862 | Med | 0.44 | 6.7 | 0.00 | Nov 25, 2024 | IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | ||
| CVE-2026-22616 | Med | 0.42 | 6.5 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton… | ||
| CVE-2026-22614 | Med | 0.40 | 6.1 | 0.00 | Mar 10, 2026 | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This… | ||
| CVE-2026-22615 | Med | 0.39 | 6.0 | 0.00 | Apr 16, 2026 | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed… |
- risk 0.69cvss 9.8epss 0.35
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the…
- risk 0.65cvss 9.8epss 0.17
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
- risk 0.64cvss 9.8epss 0.00
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
- risk 0.64cvss 9.8epss 0.07
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
- risk 0.59cvss 9.1epss 0.00
In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.
- risk 0.56cvss 8.6epss 0.00
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download…
- risk 0.55cvss 8.4epss 0.00
An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version…
- risk 0.54cvss 8.3epss 0.00
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
- risk 0.51cvss 7.8epss 0.00
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
- risk 0.49cvss 7.5epss 0.01
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.
- risk 0.49cvss 7.5epss 0.02
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.
- risk 0.48cvss 7.3epss 0.04
Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.
- risk 0.47cvss 7.3epss 0.00
Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of…
- risk 0.46cvss 7.1epss 0.00
The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
- risk 0.44cvss 6.7epss 0.00
The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software (FRS) application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest…
- risk 0.44cvss 6.7epss 0.00
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
- risk 0.42cvss 6.5epss 0.00
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton…
- risk 0.40cvss 6.1epss 0.00
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This…
- risk 0.39cvss 6.0epss 0.00
Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed…