Vulnerabilities > Eaton > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-15 | CVE-2020-10637 | Out-of-bounds Read vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23: Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. | 5.5 |
2020-01-22 | CVE-2020-7915 | Cross-site Scripting vulnerability in Eaton 5P 850 Firmware: An issue was discovered on Eaton 5P 850 devices. | 4.8 |
2018-10-24 | CVE-2018-9280 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware: An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.9 |
2018-10-24 | CVE-2018-9279 | Insufficiently Protected Credentials vulnerability in Eaton 9PX UPS Firmware: An issue was discovered on Eaton UPS 9PX 8000 SP devices. | 4.9 |
2018-03-20 | CVE-2018-7511 | Improper Input Validation vulnerability in Eaton Elcsoft 1.00.08/2.4.01: In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | 5.3 |
2017-02-13 | CVE-2016-9357 | Path Traversal vulnerability in Eaton products: An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. | 5.3 |
2016-07-03 | CVE-2016-4509 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Eaton Elcsoft 1.00.08/2.4.01: Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | 6.0 |
2015-12-23 | CVE-2015-6471 | Information Exposure vulnerability in Eaton Proview: Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | 5.3 |