Vulmon
eaton vulnerabilities and exploits
3.6
CVSSv2
CVE-2019-5625
The Android mobile application Halo Home prior to 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow a malicious user to impersonate...
Eaton Halo Home 1.9.0
5
CVSSv2
CVE-2016-9368
An issue exists in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
Eaton Xcomfort Ethernet Communication Interface
3.5
CVSSv2
CVE-2021-23284
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to a Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0pl...
Eaton Intelligent Power Manager Infrastructure
7.5
CVSSv2
CVE-2018-12031
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows a malicious user to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
Eaton Intelligent Power Manager 1.6
1 GitHub repository
NA
CVE-2022-33859
A security vulnerability exists in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may uplo...
Eaton Foreseer Electrical Power Monitoring System
5
CVSSv2
CVE-2016-0871
Eaton Lighting EG2 Web Control 4.04P and previous versions allows remote malicious users to read the configuration file, and consequently discover credentials, via a direct request.
Eaton Lighting Systems Eg2 Web Control
4.4
CVSSv2
CVE-2020-6654
A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows a malicious user to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL.
Eaton 9000x Programming And Configuration Software
5
CVSSv2
CVE-2016-2272
Eaton Lighting EG2 Web Control 4.04P and previous versions allows remote malicious users to have an unspecified impact via a modified cookie.
Eaton Lighting Systems Eg2 Web Control
6.5
CVSSv2
CVE-2021-23276
Eaton Intelligent Power Manager (IPM) before 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow malicious users to add users in the data base...
NA
CVE-2021-23282
Eaton Intelligent Power Manager