Eaton : Security Vulnerabilities, CVEs, (Bypass)
Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-10-17
Updated
2023-10-25
Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending).
Max CVSS
6.8
EPSS Score
0.05%
Published
2023-10-17
Updated
2023-10-25
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
Max CVSS
7.5
EPSS Score
0.16%
Published
2017-03-14
Updated
2019-10-09
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
Max CVSS
10.0
EPSS Score
11.48%
Published
2009-05-28
Updated
2018-10-11
4 vulnerabilities found