Vulnerabilities > Eaton > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-31415 Insufficiently Protected Credentials vulnerability in Eaton Foreseer Electrical Power Monitoring System
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc.
network
low complexity
eaton CWE-522
8.1
2022-04-18 CVE-2021-23286 Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection.
low complexity
eaton CWE-1236
8.0
2021-04-13 CVE-2021-23276 SQL Injection vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection.
network
low complexity
eaton CWE-89
8.8
2021-01-07 CVE-2020-6656 Type Confusion vulnerability in Eaton Easysoft
Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability.
local
low complexity
eaton CWE-843
7.8
2021-01-07 CVE-2020-6655 Out-of-bounds Read vulnerability in Eaton Easysoft
The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability.
local
low complexity
eaton CWE-125
7.8
2020-09-30 CVE-2020-6654 Untrusted Search Path vulnerability in Eaton 9000X Programming and Configuration Software 2.0.38
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL.
local
low complexity
eaton CWE-426
7.8
2020-05-07 CVE-2020-6652 Improper Privilege Management vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests.
local
low complexity
eaton CWE-269
7.8
2020-05-07 CVE-2020-6651 OS Command Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
local
low complexity
eaton CWE-78
7.3
2020-04-15 CVE-2020-10639 Classic Buffer Overflow vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23
Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues.
local
low complexity
eaton CWE-120
7.8
2020-03-23 CVE-2020-6650 Code Injection vulnerability in Eaton UPS Companion
UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability.
low complexity
eaton CWE-94
8.8