Filtered by vendor Eaton
Subscriptions
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5625 | 1 Eaton | 1 Halo Home | 2020-10-16 | 7.1 High |
| The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by reusing the stored OAuth token, thus allowing them to view and change the user's personal information stored in the backend cloud service. The attacker would first need to gain physical control of the Android device or compromise it with a malicious app. | ||||
| CVE-2020-6654 | 1 Eaton | 1 9000x Programming And Configuration Software | 2020-10-16 | 7.8 High |
| A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software try to load vci11un6.DLL and cinpl.DLL. | ||||
| CVE-2018-8847 | 1 Eaton | 2 9000x, 9000x Firmware | 2020-09-29 | 9.8 Critical |
| Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. | ||||
| CVE-2018-9281 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2020-08-24 | N/A |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to Reflected Cross-Site Scripting vulnerabilities. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. | ||||
| CVE-2020-6653 | 1 Eaton | 1 Secureconnect | 2020-08-19 | 3.9 Low |
| Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices. | ||||
| CVE-2020-6652 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 7.8 High |
| Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters. | ||||
| CVE-2020-6651 | 1 Eaton | 1 Intelligent Power Manager | 2020-05-12 | 7.3 High |
| Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | ||||
| CVE-2020-10639 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2020-04-22 | 7.8 High |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product. | ||||
| CVE-2020-10637 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2020-04-22 | 5.5 Medium |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could trigger an out-of-bounds read when loaded by the affected product. | ||||
| CVE-2020-6650 | 1 Eaton | 1 Ups Companion | 2020-03-27 | 8.8 High |
| UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed. | ||||
| CVE-2020-7915 | 1 Eaton | 2 5p 850, 5p 850 Firmware | 2020-01-24 | 4.8 Medium |
| An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator. | ||||
| CVE-2018-7511 | 1 Eaton | 1 Elcsoft | 2019-10-09 | N/A |
| In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. | ||||
| CVE-2016-9368 | 1 Eaton | 1 Xcomfort Ethernet Communication Interface | 2019-10-09 | N/A |
| An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. | ||||
| CVE-2018-9279 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-03 | N/A |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. | ||||
| CVE-2018-9280 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2019-10-03 | N/A |
| An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. | ||||
| CVE-2008-6816 | 1 Eaton | 1 Network Shutdown Module | 2018-10-11 | N/A |
| Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | ||||
| CVE-2016-9357 | 1 Eaton | 10 Eamaxx Series Epdu, Eamaxx Series Epdu Firmware, Eamxxx Series Epdu and 7 more | 2017-03-16 | N/A |
| An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). | ||||
| CVE-2016-4512 | 1 Eaton | 1 Elcsoft | 2016-11-28 | N/A |
| Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. | ||||
| CVE-2016-4509 | 1 Eaton | 1 Elcsoft | 2016-11-28 | N/A |
| Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. | ||||
| CVE-2014-9196 | 1 Eaton | 1 Proview | 2016-11-28 | N/A |
| Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | ||||