CVE-2024-31414
https://notcve.org/view.php?id=CVE-2024-31414
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43777 – Insecure storage of password in easySoft
https://notcve.org/view.php?id=CVE-2023-43777
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries.
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1011.pdf
CWE-256: Plaintext Storage of a Password
CWE-522: Insufficiently Protected Credentials
CVE-2023-43776 – Weak encoding vulnerability in easyE4
https://notcve.org/view.php?id=CVE-2023-43776
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf
CWE-261: Weak Encoding for Password
CWE-326: Inadequate Encryption Strength
CVE-2023-43775 – Security issue in SMP Gateway automation platform
https://notcve.org/view.php?id=CVE-2023-43775
A denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is no longer vulnerable.
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2022-1008.pdf
CWE-400: Uncontrolled Resource Consumption
CVE-2022-33859 – Unrestricted file upload in Eaton Foreseer EPMS
https://notcve.org/view.php?id=CVE-2022-33859
A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation's vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton, and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification: https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html
https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html
CWE-434: Unrestricted Upload of File with Dangerous Type