CVSS: 5.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22493 – Improper cookie attributes in Foreseer Reporting Software (FRS)
https://notcve.org/view.php?id=CVE-2025-22493
05 Mar 2025 — Secure flag not set and SameSIte was set to Lax in the Foreseer Reporting Software (FRS). Absence of this secure flag could lead into the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100. No se ha establecido el indicador de seguridad y SameSIte se ha establecido en Lax en el software de informes Foreseer (FRS). La ausencia de este indicador de seguridad podría provocar que la cookie de sesión se transmita a travé... • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22492 – Insecure storage of connection strings in FRS
https://notcve.org/view.php?id=CVE-2025-22492
28 Feb 2025 — The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the latest version 1.5.100 of FRS. The connection string visible to users with access to FRSCore database on Foreseer Reporting Software (FRS) VM, this string can be used for gaining administrative access to the 4crXref database. This vulnerability has been resolved in the lat... • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22491 – Improper Input Validation in Foreseer Reporting Software (FRS)
https://notcve.org/view.php?id=CVE-2025-22491
28 Feb 2025 — The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software (FRS) application which could lead into execution of arbitrary JavaScript in a browser context for all the interacting users. This security issue has been patched in the latest version 1.5.100 of the FRS. The user input was not sanitized on Reporting Hierarchy Management page of Foreseer Reporting Software (FRS) application which could lead into execution of arbitrary JavaScript in a browser context for al... • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1009.pdf • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22495 – Improper input validation in
https://notcve.org/view.php?id=CVE-2025-22495
24 Feb 2025 — An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note - Network-M2 has been declared end-of-life in early 2024 and Network-M3 has been released as a fit-and-functional replacement. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1004.pdf • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33862 – Improper access control mechanism in IPP
https://notcve.org/view.php?id=CVE-2022-33862
25 Nov 2024 — IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf • CWE-287: Improper Authentication •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33861 – Insufficient verification of authenticity in IPP
https://notcve.org/view.php?id=CVE-2022-33861
25 Nov 2024 — IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23282 – Stored Cross-site Scripting reported in Intelligent Power Manager v1
https://notcve.org/view.php?id=CVE-2021-23282
25 Nov 2024 — Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31416
https://notcve.org/view.php?id=CVE-2024-31416
13 Sep 2024 — The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31415
https://notcve.org/view.php?id=CVE-2024-31415
13 Sep 2024 — The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31414
https://notcve.org/view.php?id=CVE-2024-31414
13 Sep 2024 — The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2024-1008.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •