
Security notifications

Our dedicated team of cybersecurity experts provides guidance on potential security threats or vulnerabilities for Eaton products and solutions.

Browse our library of security and technical advisories and bulletins.

Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download

ETN-VA-2024-1065 | 12 January 2025 | CVE-2024-57811 | Vulnerability discovered in XC-303 | XC303 | PDF
ETN-SB-2024-1010 | 10 January 2025 | CVE-2024-6387 | Update on OpenSSH Vulnerability termed as ‘regreSSHion’ | NM2; IPM2; INDGW-X2 | PDF

ETN-VA-2021-1001a | 21 November 2024 | CVE-2024-11594 | Security issue in Intelligent Power Manager (IPM v1) | IPM | PDF
ETN-VA-2024-1026 | 08 November 2024 | Multiple CVEs | Vulnerabilities reported in i-WiFi01 | i-WiFi01 | PDF
ETN-VA-2024-1008 | 13 September 2024 | CVE-2024-31414, CVE-2024-31415, CVE-2024-31416 | Multiple security issues in Eaton Foreseer Software | Eaton Foreseer Software | PDF
ETN-SB-2021-1006 | 01 April 2024 | Multiple CVEs | Update on Critical Vulnerabilities reported in Apache log4j2 | Multiple products | PDF
ETN-VA-2023-1014 | 20 March 2024 | - | Vulnerability found in User Management System | NM3; NM2; G4 ePDU; IPM2 | PDF

ETN-SB-2023-1016 | 20 December 2023 | CVE-2023-46604 | Critical vulnerability in Apache ActiveMQ library | IPM2; Yukon; Yukon Grid Server; Network Manager; VCOM | PDF
ETN-VA-2023-1011 | 19 October 2023 | CVE-2023-43777 | Security issue discovered in easySoft | Eaton easySoft | PDF
ETN-VA-2023-1010 | 19 October 2023 | CVE-2023-43776 | Security issue discovered in easyE4 | Eaton easyE4 | PDF
ETN-VA-2022-1008 | 03 October 2023 | CVE-2023-43775 | Security issue in SMP Gateway automation platform | SMP SG-4260; SMP SG-4250; SMP 4/DP; SMP 16 | PDF
ETN-VA-2023-1008 | 01 June 2023 | - | Vulnerability identified in Eaton's SecureConnect | Eaton SecureConnect | PDF
ETN-SB-2022-1004 | 22 May 2023 | Multiple CVEs | Updated Codesys Security Advisory | Form 7 recloser control; Proview NXG; XSOFT-CODESYS; XV103 (CEAG); XC104; XC204; XC303 | PDF
ETN-SB-2020-1008 | 17 March 2023 | Multiple (See the advisory) | Multiple security vulnerabilities termed "Ripple20" impacting Treck Inc.'s TCP/IP stack | CL-7 voltage regulator control; Form 4D recloser control; Form 6 recloser control; Edison Idea and IdeaPLUS relays (all variants); Eaton G3/G3+ ePDU: Metered Input PDU, Metered Outlet PDU, Managed PDU, High Density PDU; Network Management Card Mini slot (NMC/Network-MS) card: Uninterrupted Power Supply (UPSs) with Network-MS card, Automatic Transfer Switch (ATS16) with Network-MS card; Modbus-MS card: Uninterrupted Power Supply (UPSs) with Modbus-MS card | PDF

ETN-SB-2022-1011 | 12 December 2022 | CVE-2022-33861, CVE-2022-33862 | Security Vulnerabilities in IPP versions | All IPP versions released prior to 1.71 | PDF
ETN-SB-2022-1012 | 29 November 2022 | CVE-2022-3786, CVE-2022-3602 | OpenSSL v3.0 vulnerabilities | No Eaton products impacted | PDF
ETN-VA-2022-1007 | 12 Oct 2022 | CVE-2022-33859 | Update on Foreseer EPMS Vulnerabilities | Foreseer EPMS versions 4.x, 5.x, 6.x and 7.0 to 7.5. | PDF
ETN-SB-2022-1005 | 22 April 2022 | - | Security Bulletin for Pipedream CISA Alert: AA22-103A | None of the Eaton Products are directly impacted | PDF
ETN-SB-2022-1003 | 15 July 2022 | CVE-2022-22963, CVE-2022-22965 | SpringShell Update | Yukon Multiple versions | PDF
ETN-SB-2022-1002 | 25 April 2022 | Alert | APT Group Activity Alert | Refer Bulletin for additional information | PDF
ETN-SB-2022-1001 | 16 March 2022 | CVE-2022-22805, CVE-2022-22807, CVE-2022-0715 | Vulnerabilities termed as TLStorm, their impact to Eaton products | None | PDF

ETN-VA-2021-1001c | 10-Apr-2022 | CVE-2021-23284, CVE-2021-23285, CVE-2021-23286 | IPM Infra Security Notifications | IPM Infrastructure | PDF
ETN-VA-2021-1001b | 1-Mar-22 | CVE-2021-23283 | IPP Security Notifications | IPP | PDF
ETN-VA-2021-1002a | 1-Mar-22 | CVE-2021-23287 | IPM Security Notifications | IPM | PDF
ETN-VA-2021-1002b | 1-Mar-22 | CVE-2021-23288 | IPP Security Notifications | IPP | PDF
ETN-SB-2021-1004 | 10-Feb-2022 | 2021-31400, 2021-31401, 2020-35683, 2020-35684, 2020-35685 | EC4P Security Bulletin with EOL Notification | EC4P-222… | PDF
ETN-VA-2021-1000 | Apr 12, 2021 | CVE-2021-23276, CVE-2021-23277, CVE-2021-23278, CVE-2021-23279, CVE-2021-23280, CVE-2021-23281 | Multiple security issues including SQLi, Code injection, Eval injection. | IPM v1.68, IPM VA v1.68, IPP v1.67 | PDF

ETN-SB-2020-1011 | Mar 4, 2021 | CVE-2020-14509, CVE-2020-14517, CVE-2020-14519, CVE-2020-14513, CVE-2020-14515, CVE-2020-16233 | Multiple security vulnerabilities in Wibu-Systems AG Codemeter Runtime affecting Codesys products. | XSOFT CODESYS Development System | PDF
ETN-VA-2020-1009 | Jan 21, 2021 | CVE-2020-6655, CVE-2020-6656 | Multiple security issues in Eaton's easySoft Software | v7.xx before 7.22 | PDF
ETN-SB-2020-1013 | Dec 17, 2020 | Multiple (See Advisory) | Vulnerabilities impacting multiple embedded TCP/IP stacks termed AMNESIA:33 | Refer advisory | PDF
ETN-SB-2020-1001 | Oct. 05, 2020 | CVE-2020-6996 | Stack based buffer overflow in Triangle Microworks DNP3 Library | Form 4D recloser control, CL-7 voltage regulator control, Grid Advisor Series II smart sensor, CBC-8000, PXM 4/6/8K, SMP SG-4250, SMP SG-4260, SMP 4/DP, SMP 16, SMP 4 | PDF
ETN-VA-2020-1007 | Sep 22, 2020 | CVE-2020-6654 | Application susceptible to DLL Hijacking vulnerability | 9000x programming and configuration software v2.0.38 & prior | PDF
ETN-VA-2020-1005 | Aug 12, 2020 | CVE-2020-6653 | Information disclosure through logcat file | Secure Connect Mobile app v1.7.3 & Prior | PDF
ETN-SB-2020-1006 | Aug 4 2020 | CVE-2019-13470 | MatrixSSL security vulnerability | SMP 4/DP – All 6.3, 7.0, 7.1, 7.2 versions and all 8.0 versions before 8.0R6; SMP SG-4250 and SMP SG-4260 – All 7.0, 7.1, 7.2 versions and all 8.0 versions before 8.0R6; SMP 16 – All 6.3, 7.0, 7.1, 7.2 | PDF
ETN-VA-2020-1004 | May 4, 2020 | CVE-2020-6651, CVE-2020-6652 | Improper input validation and improper privilege assignment vulnerabilities. | Intelligent Power Manager (IPM) v1.67 & prior | PDF
ETN-VA-2020-1002 | Apr. 17, 2020 | CVE-2020-10639, CVE-2020-10637 | Multiple Security vulnerabilities in HMi Soft VU3 | HMiSoft VU3 v 3.00.23 & prior (HMIVU runtime is not impacted) | PDF
ETN-VA-2020-1003 | Mar. 20, 2020 | CVE-2020-6650 | Arbitrary code execution through "Update Manager" Class | Eaton UPS Companion Software v 1.05 & Prior | PDF
ETN-SB-2020-1000 | Feb. 5, 2020 | CVE-2017-2780, CVE-2017-2781 | Buffer overflow in the X509 certificate parsing functionality | SMP SG-4250, SMP SG-4260, SMP 16, SMP 4 and SMP 4/DP with: All 8.0 versions previous to 8.0R5; All 7.2 versions previous to 7.2R5; All 7.1 versions previous to 7.1R5; All 7.0 versions; All 6.3 versions previous to 6.3R7 | PDF

ETN-VA-2019-1005 | Oct. 15, 2019 | NA | CGLine Security Advisory | CGLine + Web Controller v Z1000.h and earlier; CGVision v 6.02 to 6.40 | PDF
ETN-VA-2019-1004 | Sep. 10, 2019 | CVE-2013-2566, CVE-2014-3566, CVE-2015-2808, CVE-2015-4000, CVE-2016-0800, CVE-2016-2183, CVE-2016-6329 | Insecure and weak cipher suites supported by SSL certificate used for Intelligent Power Protector | Intelligent Power Protector (IPP) v1.61 and prior | PDF
ETN-SB-2019-1000 | June 5, 2019 | CVE-2019-0708 | Remote code execution issue reported in remote desktop services of Windows termed as BlueKeep | Eaton products are not directly affected | PDF
ETN-VA-2019-1002 | May 14, 2019 | CVE-2019-5625 | Halo Home Smart Lighting mobile app affected by insecure data storage and insecure direct object reference security issues | Halo Home Smart Lighting Mobile App (Android & iOS) v1.9.0 and prior | PDF
ETN-VA-2019-1003 | Aug. 14, 2019 | NA | Multiple security vulnerabilities identified | EasySoft v6.9 and prior | PDF
ETN-VA-2019-1001 | Jan. 16, 2019 | CVE-2018-12031 | Local file inclusion allows an attacker to include a file via directory traversal with the firmware parameter in a download firmware action | Intelligent Power Manager (IPM) v1.62 and prior | PDF


ETN-SB-2018-1008 | Dec. 12, 2018 | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148 | Wannacry ransomware infection reported in Eaton PLC XP 503 | XP 503 | PDF
ETN-VA-2018-1007 | Dec. 5, 2018 | NA | Cross site scripting (XSS) vulnerability reported in xComfort Smart Home Controller-7.5 | xComfort Smart Home Controller SHC-7.5-2.3.2 | PDF
ETN-VA-2018-1006 | Oct. 15, 2018 | CVE-2018-9279, CVE-2018-9280, CVE-2018-9281 | Multiple vulnerabilities in Network MS card | Network MS card version LA and prior | PDF
ETN-VA-2018-1005 | Aug. 27, 2018 | NA | Product shipped with a public/private key pair on Power Xpert Meter hardware that allows passwordless authentication to any accessible Power Xpert Meter | Power Xpert Meters 4000/6000/8000 v13.3 and prior | PDF
ETN-VA-2018-1004 | June 26, 2018 | CVE-2018-8847 | Multiple vulnerabilities reported in Eaton 9000X drive | 9000X drives v2.0.29 and prior | PDF
ETN-VA-2018-1003 | Feb. 15, 2018 | CVE-2018-7511 | Improper input validation can lead to remote code execution in ELC Soft software | Eaton Logic Controller Software (ELC Soft) v2.04.02 and prior | PDF
ETN-SB-2018-1000 | Apr. 18, 2018 | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148 | WannaCry security bulletin for Eaton's XC/XV and similar products | XC/XV device family | PDF
ETN-SB-2018-1001 | Apr. 5, 2018 | CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148 | Wannacry security bulletin for Eaton's XP device family | XP device family | PDF
ETN-SB-2018-1002 | Feb. 26, 2018 | CVE-2017-5754 | Meltdown and Spectre security bulletin for XV/XC/XP device family | XV/XC/XP device family | PDF


ETN-VA-2017-1001 | Feb. 28, 2017 | CVE-2016-9368 | Unauthenticated access to backup and log files in xComfort ethernet communication interface card | xComfort ECI1.07 and prior | PDF
ETN-SB-2017-1000 | July 10, 2017 | CVE-2017-0144, CVE-2017-0145 | Petya ransomware security bulletin for Eaton customers | None of the Eaton Products are directly impacted | PDF


ETN-VA-2016-1002 | Nov. 15, 2016 | CVE-2016-9357 | Authentication bypass vulnerability leading to privilege escalation | Eaton ePDU G2 v 01.01.0011 | PDF
ETN-VA-2016-1001 | June 1, 2016 | CVE-2016-4509, CVE-2016-4512 | Heap-based memory corruption and stack-based buffer overflow security issues in Eaton ELC software | Eaton Logic Controller Software (ELC Soft) v2.04.01 and prior | PDF
ETN-VA-2016-1000 | Feb. 16, 2016 | CVE-2016-2272, CVE-2016-0871 | Authentication bypass using multiple security issues in Eaton iLight and iLumin products | iLumin EG2-NA; iLight EG2 v4.04p and prior | PDF


ETN-VA-2015-1003 | Oct. 1, 2015 | CVE-2014-9196 | Predictable TCP sequence vulnerability in Eaton's Cooper Power Systems Form 6 controls and Idea/IdeaPLUS relays with ethernet application | Form 6 control; Idea/IdeaPLUS relays (Pro View 4.0 through Pro View 5.0 software) | PDF
ETN-SB-2015-1002 | Jan. 22, 2015 | CVE-2015-0235 | Security bulletin for GHOST which is a 'buffer overflow' bug affecting function calls in the glibc library that could potentially allow someone to execute remote code | Multiple Eaton products | PDF
ETN-VA-2015-1001 | May 14, 2015 | NA | Arbitrary code execution in Eaton's visual designer | Multiple Eaton products | PDF
ETN-SB-2015-1000 | Feb. 2, 2015 | CVE-2014-9295 | Network Time Protocol (NTP) 2.4.7 vulnerability | Power Xpert Gateway models: PXG 200E; PXG 400E; PXG 600E; PXG 800E | PDF
