Vulnerabilities > Eaton
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-10639 | Classic Buffer Overflow vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23 Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. | 6.8 |
| 2020-04-15 | CVE-2020-10637 | Out-of-bounds Read vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23 Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. | 4.3 |
| 2020-03-23 | CVE-2020-6650 | Code Injection vulnerability in Eaton UPS Companion UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. | 5.8 |
| 2020-01-22 | CVE-2020-7915 | Cross-site Scripting vulnerability in Eaton 5P 850 Firmware An issue was discovered on Eaton 5P 850 devices. | 3.5 |
| 2019-05-22 | CVE-2019-5625 | Insufficiently Protected Credentials vulnerability in Eaton Halo Home 1.9.0 The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. | 3.6 |
| 2018-10-24 | CVE-2018-9281 | Cross-Site Request Forgery (CSRF) vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 6.8 |
| 2018-10-24 | CVE-2018-9280 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.0 |
| 2018-10-24 | CVE-2018-9279 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.0 |
| 2018-08-30 | CVE-2018-16158 | Use of Hard-coded Credentials vulnerability in Eaton products Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | 10.0 |
| 2018-07-13 | CVE-2018-8847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eaton 9000X Firmware 2.0.29 Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. | 7.5 |