Vendor CVEs
Eaton
All CVEs
75 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16158 | Cri | 0.69 | 9.8 | 0.35 | Aug 30, 2018 | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the… | ||
| CVE-2018-12031 | Cri | 0.65 | 9.8 | 0.17 | Jun 7, 2018 | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | ||
| CVE-2025-64310 | Cri | 0.64 | 9.8 | 0.00 | Nov 21, 2025 | EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack. | ||
| CVE-2018-8847 | Cri | 0.64 | 9.8 | 0.07 | Jul 13, 2018 | Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. | ||
| CVE-2024-57811 | Cri | 0.59 | 9.1 | 0.00 | Jan 13, 2025 | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. | ||
| CVE-2025-59889 | Hig | 0.56 | 8.6 | 0.00 | Oct 14, 2025 | Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download… | ||
| CVE-2025-22495 | Hig | 0.55 | 8.4 | 0.00 | Feb 24, 2025 | An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version… | ||
| CVE-2025-48396 | Hig | 0.54 | 8.3 | 0.00 | Nov 3, 2025 | Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004). | ||
| CVE-2026-22619 | Hig | 0.51 | 7.8 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software… | ||
| CVE-2016-9368 | Hig | 0.49 | 7.5 | 0.01 | Mar 14, 2017 | An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | ||
| CVE-2016-2272 | Hig | 0.49 | 7.5 | 0.01 | Apr 6, 2016 | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. | ||
| CVE-2016-0871 | Hig | 0.49 | 7.5 | 0.02 | Apr 6, 2016 | Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. | ||
| CVE-2016-4512 | Hig | 0.48 | 7.3 | 0.04 | Jul 3, 2016 | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | ||
| CVE-2025-59890 | Hig | 0.47 | 7.3 | 0.00 | Nov 27, 2025 | Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of… | ||
| CVE-2025-48397 | Hig | 0.46 | 7.1 | 0.00 | Nov 3, 2025 | The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004). | ||
| CVE-2025-22491 | Med | 0.44 | 6.7 | 0.00 | Feb 28, 2025 | The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software (FRS) application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest… | ||
| CVE-2022-33862 | Med | 0.44 | 6.7 | 0.00 | Nov 25, 2024 | IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | ||
| CVE-2026-22616 | Med | 0.42 | 6.5 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton… | ||
| CVE-2026-22614 | Med | 0.40 | 6.1 | 0.00 | Mar 10, 2026 | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This… | ||
| CVE-2026-22615 | Med | 0.39 | 6.0 | 0.00 | Apr 16, 2026 | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed… | ||
| CVE-2016-4509 | Med | 0.39 | 6.0 | 0.02 | Jul 3, 2016 | Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | ||
| CVE-2026-22618 | Med | 0.38 | 5.9 | 0.00 | Apr 16, 2026 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP… | ||
| CVE-2026-22617 | Med | 0.37 | 5.7 | 0.00 | Apr 16, 2026 | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP… | ||
| CVE-2026-22613 | Med | 0.37 | 5.7 | 0.00 | Feb 9, 2026 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which… | ||
| CVE-2025-48393 | Med | 0.37 | 5.7 | 0.00 | Aug 6, 2025 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is… | ||
| CVE-2025-22493 | Med | 0.36 | 5.6 | 0.00 | Mar 5, 2025 | Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS… | ||
| CVE-2018-7511 | Med | 0.35 | 5.3 | 0.02 | Mar 20, 2018 | In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | ||
| CVE-2016-9357 | Med | 0.35 | 5.3 | 0.02 | Feb 13, 2017 | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx… | ||
| CVE-2015-6471 | Med | 0.35 | 5.3 | 0.01 | Dec 23, 2015 | Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | ||
| CVE-2021-23282 | Med | 0.34 | 5.2 | 0.08 | Nov 25, 2024 | Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator… | ||
| CVE-2022-33861 | Med | 0.33 | 5.1 | 0.00 | Nov 25, 2024 | IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. | ||
| CVE-2025-48395 | Med | 0.31 | 4.7 | 0.00 | Sep 5, 2025 | An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center. | ||
| CVE-2025-67450 | 0.00 | — | 0.00 | Dec 26, 2025 | Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download… | |||
| CVE-2025-59888 | 0.00 | — | 0.00 | Dec 26, 2025 | Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download… | |||
| CVE-2025-59887 | 0.00 | — | 0.00 | Dec 26, 2025 | Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton… | |||
| CVE-2025-59886 | 0.00 | — | 0.00 | Dec 23, 2025 | Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton… | |||
| CVE-2024-28952 | 0.00 | — | 0.00 | Nov 13, 2024 | Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2024-31416 | 0.00 | — | 0.00 | Sep 13, 2024 | The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a… | |||
| CVE-2024-31415 | 0.00 | — | 0.00 | Sep 13, 2024 | The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used… | |||
| CVE-2024-31414 | 0.00 | — | 0.00 | Sep 13, 2024 | The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of… | |||
| CVE-2024-28887 | 0.00 | — | 0.00 | Aug 14, 2024 | Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||
| CVE-2023-43777 | 0.00 | — | 0.00 | Oct 17, 2023 | Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password… | |||
| CVE-2023-43776 | 0.00 | — | 0.00 | Oct 17, 2023 | Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG… | |||
| CVE-2023-43775 | 0.00 | — | 0.01 | Sep 26, 2023 | Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in… | |||
| CVE-2022-33859 | 0.00 | — | 0.00 | Oct 28, 2022 | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may… | |||
| CVE-2021-23283 | 0.00 | — | 0.01 | Apr 19, 2022 | Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. | |||
| CVE-2021-23286 | 0.00 | — | 0.00 | Apr 18, 2022 | Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior… | |||
| CVE-2021-23284 | 0.00 | — | 0.00 | Apr 18, 2022 | Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version… | |||
| CVE-2021-23285 | 0.00 | — | 0.00 | Apr 18, 2022 | Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version… | |||
| CVE-2021-23288 | 0.00 | — | 0.00 | Apr 1, 2022 | The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions… |
- risk 0.69cvss 9.8epss 0.35
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the…
- risk 0.65cvss 9.8epss 0.17
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
- risk 0.64cvss 9.8epss 0.00
EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
- risk 0.64cvss 9.8epss 0.07
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
- risk 0.59cvss 9.1epss 0.00
In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton.
- risk 0.56cvss 8.6epss 0.00
Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of IPP which is available on the Eaton download…
- risk 0.55cvss 8.4epss 0.00
An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version…
- risk 0.54cvss 8.3epss 0.00
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
- risk 0.51cvss 7.8epss 0.00
Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software…
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
- risk 0.49cvss 7.5epss 0.01
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie.
- risk 0.49cvss 7.5epss 0.02
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request.
- risk 0.48cvss 7.3epss 0.04
Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.
- risk 0.47cvss 7.3epss 0.00
Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized code or commands. This security issue has been fixed in the latest version of…
- risk 0.46cvss 7.1epss 0.00
The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
- risk 0.44cvss 6.7epss 0.00
The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software (FRS) application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest…
- risk 0.44cvss 6.7epss 0.00
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
- risk 0.42cvss 6.5epss 0.00
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton…
- risk 0.40cvss 6.1epss 0.00
The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This…
- risk 0.39cvss 6.0epss 0.00
Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed…
- risk 0.39cvss 6.0epss 0.02
Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.
- risk 0.38cvss 5.9epss 0.00
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP…
- risk 0.37cvss 5.7epss 0.00
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP…
- risk 0.37cvss 5.7epss 0.00
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which…
- risk 0.37cvss 5.7epss 0.00
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is…
- risk 0.36cvss 5.6epss 0.00
Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS…
- risk 0.35cvss 5.3epss 0.02
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
- risk 0.35cvss 5.3epss 0.02
An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx…
- risk 0.35cvss 5.3epss 0.01
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.
- risk 0.34cvss 5.2epss 0.08
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator…
- risk 0.33cvss 5.1epss 0.00
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data.
- risk 0.31cvss 4.7epss 0.00
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center.
- CVE-2025-67450Dec 26, 2025risk 0.00cvss —epss 0.00
Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download…
- CVE-2025-59888Dec 26, 2025risk 0.00cvss —epss 0.00
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download…
- CVE-2025-59887Dec 26, 2025risk 0.00cvss —epss 0.00
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton…
- CVE-2025-59886Dec 23, 2025risk 0.00cvss —epss 0.00
Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton…
- CVE-2024-28952Nov 13, 2024risk 0.00cvss —epss 0.00
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2024-31416Sep 13, 2024risk 0.00cvss —epss 0.00
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a…
- CVE-2024-31415Sep 13, 2024risk 0.00cvss —epss 0.00
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used…
- CVE-2024-31414Sep 13, 2024risk 0.00cvss —epss 0.00
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of…
- CVE-2024-28887Aug 14, 2024risk 0.00cvss —epss 0.00
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2023-43777Oct 17, 2023risk 0.00cvss —epss 0.00
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password…
- CVE-2023-43776Oct 17, 2023risk 0.00cvss —epss 0.00
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG…
- CVE-2023-43775Sep 26, 2023risk 0.00cvss —epss 0.01
Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in…
- CVE-2022-33859Oct 28, 2022risk 0.00cvss —epss 0.00
A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may…
- CVE-2021-23283Apr 19, 2022risk 0.00cvss —epss 0.01
Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.
- CVE-2021-23286Apr 18, 2022risk 0.00cvss —epss 0.00
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior…
- CVE-2021-23284Apr 18, 2022risk 0.00cvss —epss 0.00
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version…
- CVE-2021-23285Apr 18, 2022risk 0.00cvss —epss 0.00
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version…
- CVE-2021-23288Apr 1, 2022risk 0.00cvss —epss 0.00
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions…
Page 1 of 2