Vulnerabilities > Eaton

DATE | CVE | VULNERABILITY TITLE | RISK

2018-06-07 | CVE-2018-12031 | Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6 | network, low complexity, eaton CWE-22, 7.5
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

2018-03-20 | CVE-2018-7511 | Improper Input Validation vulnerability in Eaton Elcsoft 1.00.08/2.4.01 | network, eaton CWE-20, 6.8
In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.

2017-03-14 | CVE-2016-9368 | Improper Access Control vulnerability in Eaton Xcomfort Ethernet Communication Interface 1.07 | network, low complexity, eaton CWE-284, 5.0
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior.

2017-02-13 | CVE-2016-9357 | Path Traversal vulnerability in Eaton products | network, low complexity, eaton CWE-22, 5.0
An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014.

2016-07-03 | CVE-2016-4512 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eaton Elcsoft 1.00.08/2.4.01 | network, low complexity, eaton CWE-119, 7.5
Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.

2016-07-03 | CVE-2016-4509 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eaton Elcsoft 1.00.08/2.4.01 | network, eaton CWE-119, 6.0
Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.

2015-12-23 | CVE-2015-6471 | Information Exposure vulnerability in Eaton Proview | network, eaton CWE-200, 4.3
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.

2015-07-20 | CVE-2014-9196 | 7PK - Security Features vulnerability in Eaton Proview | network, eaton CWE-254, critical, 9.3
Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

2009-05-28 | CVE-2008-6816 | Improper Authentication vulnerability in Eaton Network Shutdown Module | network, low complexity, eaton CWE-287, critical, 10.0
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.