Vulnerabilities > Eaton

DATE | CVE | VULNERABILITY TITLE | RISK
2020-01-22 | CVE-2020-7915 | Cross-site Scripting vulnerability in Eaton 5P 850 Firmware | 3.5
An issue was discovered on Eaton 5P 850 devices.
network | eaton | CWE-79
2019-05-22 | CVE-2019-5625 | Insufficiently Protected Credentials vulnerability in Eaton Halo Home 1.9.0 | 3.6
The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file.
local | low complexity | eaton | CWE-522
2018-10-24 | CVE-2018-9281 | Cross-Site Request Forgery (CSRF) vulnerability in Eaton 9PX UPS Firmware | 6.8
An issue was discovered on Eaton UPS 9PX 8000 SP devices.
network | eaton | CWE-352
2018-10-24 | CVE-2018-9280 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware | 4.0
An issue was discovered on Eaton UPS 9PX 8000 SP devices.
network | low complexity | eaton | CWE-522
2018-10-24 | CVE-2018-9279 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware | 4.0
An issue was discovered on Eaton UPS 9PX 8000 SP devices.
network | low complexity | eaton | CWE-522
2018-08-30 | CVE-2018-16158 | Use of Hard-coded Credentials vulnerability in Eaton products | critical 10.0
Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.
network | low complexity | eaton | CWE-798
2018-07-13 | CVE-2018-8847 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eaton 9000X Firmware 2.0.29 | 7.5
Eaton 9000X DriveA versions 2.0.29 and prior have a stack-based buffer overflow vulnerability, which may allow remote code execution.
network | low complexity | eaton | CWE-119
2018-06-07 | CVE-2018-12031 | Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6 | 7.5
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
network | low complexity | eaton | CWE-22
2018-03-20 | CVE-2018-7511 | Improper Input Validation vulnerability in Eaton Elcsoft 1.00.08/2.4.01 | 6.8
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.
network | eaton | CWE-20
2017-03-14 | CVE-2016-9368 | Improper Access Control vulnerability in Eaton Xcomfort Ethernet Communication Interface 1.07 | 5.0
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior.
network | low complexity | eaton | CWE-284