CVE-2016-2272
https://notcve.org/view.php?id=CVE-2016-2272
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie. Eaton Lighting EG2 Web Control 4.04P y versiones anteriores permite a atacantes remotos tener un impacto no especificado a través de una cookie modificada. • https://ics-cert.us-cert.gov/advisories/ICSA-16-061-03 • CWE-284: Improper Access Control •
CVE-2015-6471
https://notcve.org/view.php?id=CVE-2015-6471
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. Eaton Cooper Power Systems ProView 4.x y 5.x en versiones a anteriores a 5.1 en controles Form 6 e Idea e IdeaPLUS relay no inicializa correctamente los campos de relleno en los paquetes Ethernet, lo que permite a atacantes remotos obtener información sensible mediante la lectura de datos del paquete. • https://ics-cert.us-cert.gov/advisories/ICSA-15-295-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-9196
https://notcve.org/view.php?id=CVE-2014-9196
Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. 'ulnerabilidad en Eaton Cooper Power Systems ProView en las versiones 4.0 y 5.0 anterior a la 5.0 11 Form 6 controles e Idea e IdeaPLUS relay genera un número TCP inicial de secuencia (ISN) de valores lineales, lo que hace que sea más fácil para los atacantes remotos falsificar las sesiones TCP al predecir un valor ISN. • http://www.securityfocus.com/bid/75936 https://ics-cert.us-cert.gov/advisories/ICSA-15-006-01 • CWE-254: 7PK - Security Features •
CVE-2008-6816
https://notcve.org/view.php?id=CVE-2008-6816
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. Eaton MGEOPS Network Shutdown Module en versiones anteriores a la v3.10 Build 13 permite a atacantes remotos ejecutar código de su elección mediante la adición de una acción personalizada al frontend MGE a través de pane_actionbutton.php y, a continuación, ejecutar esta acción a través de exec_action.php. • http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt http://osvdb.org/50051 http://secunia.com/advisories/32456 http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php http://www.securityfocus.com/archive/1/497824/100/100/threaded http://www.securityfocus.com/bid/31933 https://exchange.xforce.ibmcloud.com/vulnerabilities/46131 • CWE-287: Improper Authentication •