CVE-2022-33862 – Improper access control mechanism in IPP
https://notcve.org/view.php?id=CVE-2022-33862
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf • CWE-287: Improper Authentication •
CVE-2022-33861 – Insufficient verification of authenticity in IPP
https://notcve.org/view.php?id=CVE-2022-33861
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2021-23282 – Stored Cross-site Scripting reported in Intelligent Power Manager v1
https://notcve.org/view.php?id=CVE-2021-23282
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-31416
https://notcve.org/view.php?id=CVE-2024-31416
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2024-31415
https://notcve.org/view.php?id=CVE-2024-31415
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-522: Insufficiently Protected Credentials •