Vulnerabilities > Eaton > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-31414 | Cross-site Scripting vulnerability in Eaton Foreseer Electrical Power Monitoring System The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. | 6.1 |
| 2024-09-13 | CVE-2024-31416 | Improper Validation of Specified Quantity in Input vulnerability in Eaton Foreseer Electrical Power Monitoring System The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. | 6.5 |
| 2023-10-17 | CVE-2023-43776 | Inadequate Encryption Strength vulnerability in Eaton products Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. | 6.6 |
| 2023-10-17 | CVE-2023-43777 | Insufficiently Protected Credentials vulnerability in Eaton Easysoft Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. | 6.5 |
| 2023-09-27 | CVE-2023-43775 | Unspecified vulnerability in Eaton products Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. | 5.3 |
| 2022-04-18 | CVE-2021-23284 | Cross-site Scripting vulnerability in Eaton Intelligent Power Manager Infrastructure 1.5.0Plus205 Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. | 4.8 |
| 2022-04-18 | CVE-2021-23285 | Cross-site Scripting vulnerability in Eaton Intelligent Power Manager Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. | 4.8 |
| 2021-01-07 | CVE-2020-6656 | Type Confusion vulnerability in Eaton Easysoft Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. | 6.8 |
| 2021-01-07 | CVE-2020-6655 | Out-of-bounds Read vulnerability in Eaton Easysoft 7.20 The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to Out-of-bounds remote code execution vulnerability. | 6.8 |
| 2020-09-30 | CVE-2020-6654 | Uncontrolled Search Path Element vulnerability in Eaton 9000X Programming and Configuration Software A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | 4.4 |