Vulnerabilities in Eaton
53 results

CVE | Severity | Description | EPSS
CVE-2025-48397 | HIGH | The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed i | 0.2%
CVE-2022-33862 | MEDIUM | Improper access control mechanism in IPP | 0.2%
CVE-2026-22617 | MEDIUM | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the c | 0.2%
CVE-2025-59889 | HIGH | Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the | 0.2%
CVE-2026-22613 | MEDIUM | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attac | 0.2%
CVE-2025-22492 | MEDIUM | Insecure storage of connection strings in FRS | 0.2%
CVE-2025-67450 | HIGH | Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perf | 0.1%
CVE-2025-59890 | HIGH | Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead int | 0.1%
CVE-2023-43776 | MEDIUM | Weak encoding vulnerability in easyE4 | 0.1%
CVE-2024-31415 | MEDIUM | The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network manage | 0.1%
CVE-2022-33861 | MEDIUM | Insufficient verification of authenticity in IPP | 0.1%
CVE-2025-22493 | MEDIUM | Improper cookie attributes in Foreseer Reporting Software (FRS) | 0.1%
CVE-2026-22614 | MEDIUM | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access | 0.1%