Vulnerabilities > Eaton
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-10-24 | CVE-2018-9281 | Cross-site Scripting vulnerability in Eaton 9PX UPS Firmware | An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 8.8 |
2018-10-24 | CVE-2018-9280 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware | An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.9 |
2018-10-24 | CVE-2018-9279 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware | An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.9 |
2018-08-30 | CVE-2018-16158 | Use of Hard-coded Credentials vulnerability in Eaton products | Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. | 9.8 |
2018-07-13 | CVE-2018-8847 | Out-of-bounds Write vulnerability in Eaton 9000X Firmware 2.0.29 | Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. | 9.8 |
2018-06-07 | CVE-2018-12031 | Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6 | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | 9.8 |
2018-03-20 | CVE-2018-7511 | Improper Input Validation vulnerability in Eaton Elcsoft 1.00.08/2.4.01 | In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | 5.3 |
2017-03-14 | CVE-2016-9368 | Improper Access Control vulnerability in Eaton Xcomfort Ethernet Communication Interface 1.07 | An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. | 7.5 |
2017-02-13 | CVE-2016-9357 | Path Traversal vulnerability in Eaton products | An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. | 5.3 |
2016-07-03 | CVE-2016-4512 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eaton Elcsoft 1.00.08/2.4.01 | Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | 7.3 |