Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2024-1065 | 12 January 2025 | CVE-2024-57811 | Vulnerability discovered in XC-303 | | |
ETN-SB-2024-1010 | 10 January 2025 | CVE-2024-6387 | Update on OpenSSH Vulnerability termed as ‘regreSSHion’ | | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2021-1001a | 21 November 2024 | CVE-2024-11594 | Security issue in Intelligent Power Manager (IPM v1) | | |
ETN-VA-2024-1026 | 08 November 2024 | Multiple CVEs | Vulnerabilities reported in i-WiFi01 | | |
ETN-VA-2024-1008 | 13 September 2024 | CVE-2024-31414, CVE-2024-31415, CVE-2024-31416 | Multiple security issues in Eaton Foreseer Software | Eaton Foreseer Software | |
ETN-SB-2021-1006 | 01 April 2024 | Multiple CVEs | Update on Critical Vulnerabilities reported in Apache log4j2 | | |
ETN-VA-2023-1014 | 20 March 2024 | - | Vulnerability found in User Management System | | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-SB-2023-1016 | 20 December 2023 | CVE-2023-46604 | Critical vulnerability in Apache ActiveMQ library | | |
ETN-VA-2023-1011 | 19 October 2023 | CVE-2023-43777 | Security issue discovered in easySoft | Eaton easySoft | |
ETN-VA-2023-1010 | 19 October 2023 | CVE-2023-43776 | Security issue discovered in easyE4 | Eaton easyE4 | |
ETN-VA-2022-1008 | 03 October 2023 | CVE-2023-43775 | Security issue in SMP Gateway automation platform | | |
ETN-VA-2023-1008 | 01 June 2023 | - | Vulnerability identified in Eaton's SecureConnect | Eaton SecureConnect | |
ETN-SB-2022-1004 | 22 May 2023 | Multiple CVEs | Updated Codesys Security Advisory | | |
ETN-SB-2020-1008 | 17 March 2023 | Multiple (See the advisory) | Multiple security vulnerabilities termed "Ripple20" impacting Treck Inc.'s TCP/IP stack | CL-7 voltage regulator control, Network Management Card Mini slot (NMC/Network-MS) card, Modbus-MS card | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-SB-2022-1011 | 12 December 2022 | CVE-2022-33861, CVE-2022-33862 | Security Vulnerabilities in IPP versions | All IPP versions released prior to 1.71 | |
ETN-SB-2022-1012 | 29 November 2022 | CVE-2022-3786, CVE-2022-3602 | OpenSSL v3.0 vulnerabilities | No Eaton products impacted | |
ETN-VA-2022-1007 | 12 Oct 2022 | CVE-2022-33859 | Update on Foreseer EPMS Vulnerabilities | | |
ETN-SB-2022-1005 | 22 April 2022 | - | Security Bulletin for Pipedream CISA Alert: AA22-103A | | |
ETN-SB-2022-1003 | 15 July 2022 | CVE-2022-22963, CVE-2022-22965 | SpringShell Update | | |
ETN-SB-2022-1002 | 25 April 2022 | Alert | APT Group Activity Alert | | |
ETN-SB-2022-1001 | 16 March 2022 | CVE-2022-22805, CVE-2022-22807, CVE-2022-0715 | Vulnerabilities termed as TLStorm, their impact to Eaton products | | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2021-1001c | 10-Apr-2022 | CVE-2021-23284, CVE-2021-23285, CVE-2021-23286 | IPM Infra Security Notifications | | |
ETN-VA-2021-1001b | 1-Mar-22 | CVE-2021-23283 | IPP Security Notifications | | |
ETN-VA-2021-1002a | 1-Mar-22 | CVE-2021-23287 | IPM Security Notifications | | |
ETN-VA-2021-1002b | 1-Mar-22 | CVE-2021-23288 | IPP Security Notifications | | |
ETN-SB-2021-1004 | 10-Feb-2022 | 2021-31400, 2021-31401, 2020-35683, 2020-35684, 2020-35685 | EC4P Security Bulletin with EOL Notification | | |
ETN-VA-2021-1000 | Apr 12, 2021 | CVE-2021-23276, CVE-2021-23277, CVE-2021-23278, CVE-2021-23279, CVE-2021-23280, CVE-2021-23281 | Multiple security issues including SQLi, Code injection, Eval injection. | | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-SB-2020-1011 | Mar 4, 2021 | CVE-2020-14509, CVE-2020-14517, CVE-2020-14519, CVE-2020-14513, CVE-2020-14515, CVE-2020-16233 | Multiple security vulnerabilities in Wibu-Systems AG Codemeter Runtime affecting Codesys products. | | |
ETN-VA-2020-1009 | Jan 21, 2021 | CVE-2020-6655, CVE-2020-6656 | Multiple security issues in Eaton's easySoft Software | v7.xx before 7.22 | |
ETN-SB-2020-1013 | Dec 17, 2020 | Multiple (See Advisory) | Vulnerabilities impacting multiple embedded TCP/IP stacks termed AMNESIA:33 | Refer advisory | |
ETN-SB-2020-1001 | Oct. 05, 2020 | CVE-2020-6996 | Stack based buffer overflow in Triangle Microworks DNP3 Library | Form 4D recloser control, CL-7 voltage regulator control, Grid Advisor Series II smart sensor, CBC-8000, PXM 4/6/8K, SMP SG-4250, SMP SG-4260, SMP 4/DP, SMP 16, SMP 4 | |
ETN-VA-2020-1007 | Sep 22, 2020 | CVE-2020-6654 | Application susceptible to DLL Hijacking vulnerability | | |
ETN-VA-2020-1005 | Aug 12, 2020 | CVE-2020-6653 | Information disclosure through logcat file | Secure Connect Mobile app v1.7.3 & Prior | |
ETN-SB-2020-1006 | Aug 4 2020 | CVE-2019-13470 | MatrixSSL security vulnerability | | |
ETN-VA-2020-1004 | May 4, 2020 | CVE-2020-6651, CVE-2020-6652 | Improper input validation and improper privilege assignment vulnerabilities. | Intelligent Power Manager (IPM) v1.67 & prior | |
ETN-VA-2020-1002 | Apr. 17, 2020 | CVE-2020-10639, CVE-2020-10637 | Multiple Security vulnerabilities in HMi Soft VU3 | HMiSoft VU3 v 3.00.23 & prior (HMIVU runtime is not impacted) | |
ETN-VA-2020-1003 | Mar. 20, 2020 | CVE-2020-6650 | Arbitrary code execution through "Update Manager" Class | Eaton UPS Companion Software v 1.05 & Prior | |
ETN-SB-2020-1000 | Feb. 5, 2020 | CVE-2017-2780 | Buffer overflow in the X509 certificate parsing functionality | SMP SG-4250, SMP SG-4260, SMP 16, SMP 4 and SMP 4/DP with | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2019-1005 | Oct. 15, 2019 | NA | CGLine Security Advisory | CGLine + Web Controller v Z1000.h and earlier | |
ETN-VA-2019-1004 | Sep. 10, 2019 | CVE-2013-2566, | Insecure and weak cipher suites supported by SSL certificate used for Intelligent Power Protector | Intelligent Power Protector (IPP) v1.61 and prior | |
ETN-SB-2019-1000 | June 5, 2019 | CVE-2019-0708 | Remote code execution issue reported in remote desktop services of Windows termed as BlueKeep | Eaton products are not directly affected | |
ETN-VA-2019-1002 | May 14, 2019 | CVE-2019-5625 | Halo Home Smart Lighting mobile app affected by insecure data storage and insecure direct object reference security issues | Halo Home Smart Lighting Mobile App (Android & iOS) v1.9.0 and prior | |
ETN-VA-2019-1003 | Aug. 14, 2019 | NA | Multiple security vulnerabilities identified | EasySoft v6.9 and prior | |
ETN-VA-2019-1001 | Jan. 16, 2019 | CVE-2018-12031 | Local file inclusion allows an attacker to include a file via directory traversal with the firmware parameter in a download firmware action | Intelligent Power Manager (IPM) v1.62 and prior | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-SB-2018-1008 | Dec. 12, 2018 | CVE-2017-0143, | WannaCry ransomware infection reported in Eaton PLC XP 503 | XP 503 | |
ETN-VA-2018-1007 | Dec. 5, 2018 | NA | Cross site scripting (XSS) vulnerability reported in xComfort Smart Home Controller-7.5 | xComfort Smart Home Controller SHC-7.5-2.3.2 | |
ETN-VA-2018-1006 | Oct. 15, 2018 | CVE-2018-9279, CVE-2018-9280, CVE-2018-9281 | Multiple vulnerabilities in Network MS card | Network MS card version LA and prior | |
ETN-VA-2018-1005 | Aug. 27, 2018 | NA | Product shipped with a public/private key pair on Power Xpert Meter hardware that allows passwordless authentication to any accessible Power Xpert Meter | Power Xpert Meters 4000/6000/8000 v13.3 and prior | |
ETN-VA-2018-1004 | June 26, 2018 | CVE-2018-8847 | Multiple vulnerabilities reported in Eaton 9000X drive | 9000X drives v2.0.29 and prior | |
ETN-VA-2018-1003 | Feb. 15, 2018 | CVE-2018-7511 | Improper input validation can lead to remote code execution in ELC Soft software | Eaton Logic Controller Software (ELC Soft) v2.04.02 and prior | |
ETN-SB-2018-1000 | Apr. 18, 2018 | CVE-2017-0143, | WannaCry security bulletin for Eaton's XC/XV and similar products | XC/XV device family | |
ETN-SB-2018-1001 | Apr. 5, 2018 | CVE-2017-0143, | WannaCry security bulletin for Eaton's XP device family | XP device family | |
ETN-SB-2018-1002 | Feb. 26, 2018 | CVE-2017-5754 | Meltdown and Spectre security bulletin for XV/XC/XP device family | XV/XC/XP device family | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2017-1001 | Feb. 28, 2017 | CVE-2016-9368 | Unauthenticated access to backup and log files in xComfort Ethernet communication interface card | xComfort ECI1.07 and prior | |
ETN-SB-2017-1000 | July 10, 2017 | CVE-2017-0144, CVE-2017-0145 | Petya ransomware security bulletin for Eaton customers | None of the Eaton Products are directly impacted | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2016-1002 | Nov. 15, 2016 | CVE-2016-9357 | Authentication bypass vulnerability leading to privilege escalation | Eaton ePDU G2 v 01.01.0011 | |
ETN-VA-2016-1001 | June 1, 2016 | CVE-2016-4509 | Heap-based memory corruption and stack-based buffer overflow security issues in Eaton ELC software | Eaton Logic Controller Software (ELC Soft) v2.04.01 and prior | |
ETN-VA-2016-1000 | Feb. 16, 2016 | CVE-2016-2272 | Authentication bypass using multiple security issues in Eaton iLight and iLumin products | iLumin EG2-NA | |
Notification ID | Date | CVE-ID | Summary | Affected Eaton Product(s) and Version(s) | Download |
ETN-VA-2015-1003 | Oct. 1, 2015 | CVE-2014-9196 | Predictable TCP sequence vulnerability in Eaton's Cooper Power Systems Form 6 controls and Idea/IdeaPLUS relays with Ethernet application | Form 6 control | |
ETN-SB-2015-1002 | Jan. 22, 2015 | CVE-2015-0235 | Security bulletin for GHOST which is a 'buffer overflow' bug affecting function calls in the glibc library that could potentially allow someone to execute remote code | Multiple Eaton products | |
ETN-VA-2015-1001 | May 14, 2015 | NA | Arbitrary code execution in Eaton's visual designer | Multiple Eaton products | |
ETN-SB-2015-1000 | Feb. 2, 2015 | CVE-2014-9295 | Network Time Protocol (NTP) 2.4.7 vulnerability | Power XpertT Gateway models: