eaton

Top products

The 15 most recently published vulnerabilities affecting eaton.

• CVE-2026-22619Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. ...7.8Apr 16, 2026
• CVE-2026-22618A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based at...5.9Apr 16, 2026
• CVE-2026-22617Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle ...5.7Apr 16, 2026
• CVE-2026-22616Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue h...6.5Apr 16, 2026
• CVE-2026-22615Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious c...6.0Apr 16, 2026
• CVE-2026-22614The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentiall...6.1Mar 10, 2026
• CVE-2026-22613The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security ...5.7Feb 9, 2026
• CVE-2025-67450Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has ...7.8Dec 26, 2025
• CVE-2025-59888Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has...6.7Dec 26, 2025
• CVE-2025-59887Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security ...8.6Dec 26, 2025
• CVE-2025-59886Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybe...8.8Dec 23, 2025
• CVE-2025-59890Improper input sanitization in the file archives upload functionality of Eaton Galileo software allows traversing paths which could lead into an attacker with local access to execute unauthorized ...7.3Nov 27, 2025
• CVE-2025-48397The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLS...7.1Nov 3, 2025
• CVE-2025-48396Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of E...8.3Nov 3, 2025
• CVE-2025-59889Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package.  This security issue ha...8.6Oct 14, 2025