Vulnerabilities > Eaton
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-18 | CVE-2021-23286 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. | 8.0 |
| 2022-04-01 | CVE-2021-23287 | Cross-site Scripting vulnerability in Eaton Intelligent Power Manager 1.6/1.67/1.69 The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. | 3.5 |
| 2022-04-01 | CVE-2021-23288 | Cross-site Scripting vulnerability in Eaton Intelligent Power Protector The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. | 2.3 |
| 2021-04-13 | CVE-2021-23277 | Code Injection vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. | 10.0 |
| 2021-01-07 | CVE-2020-6656 | Type Confusion vulnerability in Eaton Easysoft Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. | 6.8 |
| 2021-01-07 | CVE-2020-6655 | Out-of-bounds Read vulnerability in Eaton Easysoft 7.20 The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. | 6.8 |
| 2020-09-30 | CVE-2020-6654 | Uncontrolled Search Path Element vulnerability in Eaton 9000X Programming and Configuration Software A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | 4.4 |
| 2020-08-12 | CVE-2020-6653 | Information Exposure vulnerability in Eaton Secureconnect 1.7.3 Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. | 2.1 |
| 2020-05-07 | CVE-2020-6652 | Improper Privilege Management vulnerability in Eaton Intelligent Power Manager 1.6/1.67 Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. | 4.6 |
| 2020-05-07 | CVE-2020-6651 | Improper Input Validation vulnerability in Eaton Intelligent Power Manager 1.6/1.67 Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | 6.0 |