Filtered by vendor Eaton
Subscribe
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6653 | 1 Eaton | 1 Secureconnect | 2020-08-19 | 2.1 LOW | 3.9 LOW |
| Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices. | |||||
| CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 4.6 MEDIUM | 7.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. | |||||
| CVE-2020-6651 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 6.0 MEDIUM | 7.3 HIGH |
| Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | |||||
| CVE-2020-10639 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2020-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product. | |||||
| CVE-2020-10637 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2020-04-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product. | |||||
| CVE-2020-6650 | 1 Eaton | 1 Ups Companion | 2020-03-27 | 5.8 MEDIUM | 8.8 HIGH |
| UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed. | |||||
| CVE-2020-7915 | 1 Eaton | 2 5p 850, 5p 850 Firmware | 2020-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator. | |||||
| CVE-2018-7511 | 1 Eaton | 1 Elcsoft | 2019-10-09 | 6.8 MEDIUM | 5.3 MEDIUM |
| In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | |||||
| CVE-2016-9368 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | |||||
| CVE-2018-9280 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | |||||
| CVE-2018-9279 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | |||||
| CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2018-10-11 | 10.0 HIGH | N/A |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | |||||
| CVE-2018-12031 | 1 Eaton | 1 Intelligent Power Manager | 2018-07-27 | 7.5 HIGH | 9.8 CRITICAL |
| Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | |||||
| CVE-2016-9357 | 1 Eaton | 10 Eamaxx Series Epdu, Eamaxx Series Epdu Firmware, Eamxxx Series Epdu and 7 more | 2017-03-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). | |||||
| CVE-2016-4512 | 1 Eaton | 1 Elcsoft | 2016-11-28 | 7.5 HIGH | 7.3 HIGH |
| Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | |||||
| CVE-2016-4509 | 1 Eaton | 1 Elcsoft | 2016-11-28 | 6.0 MEDIUM | 6.0 MEDIUM |
| Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | |||||
| CVE-2014-9196 | 1 Eaton | 1 Proview | 2016-11-28 | 9.3 HIGH | N/A |
| Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | |||||
| CVE-2015-6471 | 1 Eaton | 1 Proview | 2015-12-23 | 4.3 MEDIUM | 5.3 MEDIUM |
| Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | |||||