Aggregates CVE and security vulnerability intelligence across all eaton-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow, vendor risk input validation, vendor risk cross-site scripting, and vendor risk path handling and related problems; some flaws may lead to vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-22619 | Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center. | [email protected] | 7.8 | 0.01% | 2026-04-16 | 2026-04-22 |
| CVE-2026-22618 | A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | [email protected] | 5.9 | 0.01% | 2026-04-16 | 2026-04-22 |
| CVE-2026-22617 | Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | [email protected] | 5.7 | 0.01% | 2026-04-16 | 2026-04-22 |
| CVE-2026-22616 | Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre. | [email protected] | 6.5 | 0.04% | 2026-04-16 | 2026-04-22 |
| CVE-2026-22615 | Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | [email protected] | 6.0 | 0.03% | 2026-04-16 | 2026-04-22 |
| CVE-2026-22614 | The encryption mechanism used in Eaton's EasySoft project file was insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially read the sensitive information stored and tamper with the project file. This security issue has been fixed in the latest version of Eaton EasySoft which is available on the Eaton download centre. | [email protected] | 6.1 | 0.01% | 2026-03-10 | 2026-05-21 |
| CVE-2025-67450 | Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | [email protected] | 7.8 | 0.01% | 2025-12-26 | 2026-02-18 |
| CVE-2025-59888 | Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | [email protected] | 6.7 | 0.01% | 2025-12-26 | 2026-02-18 |
| CVE-2025-59887 | Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center. | [email protected] | 8.6 | 0.02% | 2025-12-26 | 2026-02-18 |
| CVE-2025-59886 | Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the product. Upon retirement or end of support, there will be no new security updates, non-security updates, or paid assisted support options, or online technical content updates. | [email protected] | 8.8 | 0.06% | 2025-12-23 | 2026-02-18 |
| CVE-2024-31416 | The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. | [email protected] | 5.6 | 0.10% | 2024-09-13 | 2025-08-26 |
| CVE-2024-31415 | The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. | [email protected] | 6.3 | 0.06% | 2024-09-13 | 2025-08-26 |
| CVE-2024-31414 | The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. | [email protected] | 6.7 | 0.69% | 2024-09-13 | 2024-09-19 |
| CVE-2023-43777 | Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. | [email protected] | 5.9 | 0.06% | 2023-10-17 | 2024-11-21 |
| CVE-2023-43776 | Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | [email protected] | 6.8 | 0.03% | 2023-10-17 | 2024-11-21 |
| CVE-2023-43775 | Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore. | [email protected] | 4.7 | 0.05% | 2023-09-27 | 2024-11-21 |
| CVE-2022-33859 | A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigatio | [email protected] | 8.1 | 0.19% | 2022-10-28 | 2024-11-21 |
| CVE-2021-23283 | Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. | [email protected] | 5.2 | 0.20% | 2022-04-19 | 2024-11-21 |
| CVE-2021-23286 | Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | [email protected] | 5.7 | 0.10% | 2022-04-18 | 2024-11-21 |
| CVE-2021-23285 | Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | [email protected] | 3.1 | 0.21% | 2022-04-18 | 2024-11-21 |