
CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Oct 2018 — An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage. • https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities • CWE-522: Insufficiently Protected Credentials

CVSS: 4.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Oct 2018 — An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage. • https://www.bishopfox.com/news/2018/10/eaton-ups-9px-8000-sp-multiple-vulnerabilities • CWE-522: Insufficiently Protected Credentials

CVSS: 10.0 • EPSS: 67% • CPEs: 6 • EXPL: 3

30 Aug 2018 — Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option. • https://packetstorm.news/files/id/181224 • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 13% • CPEs: 2 • EXPL: 0

12 Jul 2018 — Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton 9000XDrive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o... • http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton_9000X_Drive.pdf • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVSS: 9.8 • EPSS: 80% • CPEs: 1 • EXPL: 1

07 Jun 2018 — Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. • https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

20 Mar 2018 — In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. • http://www.eaton.com/ecm/idcplg?IdcService=GET_FILE&allowInterrupt=1&RevisionSelectionMethod=LatestReleased&noSaveAs=0&Rendition=Primary&dDocName=PCT_3313148 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Mar 2017 — An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating. • https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01 • CWE-284: Improper Access Control

CVSS: 5.3 • EPSS: 1% • CPEs: 10 • EXPL: 0

13 Feb 2017 — An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal). • http://www.securityfocus.com/bid/95817 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

03 Jul 2016 — Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is req... • http://www.securityfocus.com/bid/91524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 6% • CPEs: 1 • EXPL: 0

03 Jul 2016 — Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. Authentication is not required to exploit this vulnerability... • http://www.securityfocus.com/bid/91524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer