Security notifications

Our dedicated team of cybersecurity experts provides guidance on potential security threats or vulnerabilities for Eaton products and solutions.

Browse our library of security and technical advisories and bulletins.

Notification ID

Date

CVE-ID

Summary

Affected Eaton Product(s) and Version(s)

Download

ETN-SB-2020-1008

Jun 23, 2020

Multiple (see the advisory)

Multiple security vulnerabilities termed "Ripple20" impacting Treck Inc.'s TCP/IP stack

CL-7 voltage regulator control
Form 4D recloser control
Form 6 recloser control
Edison Idea and IdeaPLUS relays (all variants)
Metered Input Power Distribution Units
Metered Outlet Power Distribution Units
Managed Power Distribution Units
High Density Power Distribution Units

PDF

ETN-VA-2020-1004

May 4, 2020

CVE-2020-6651
CVE-2020-6652

Improper input validation and improper privilege assignment vulnerabilities

Intelligent Power Manager (IPM) v1.67 & prior

PDF

ETN-VA-2020-1003

Mar. 20, 2020

CVE-2020-6650

Arbitrary code execution through "Update Manager" Class

Eaton UPS Companion Software v 1.05 & Prior

PDF

ETN-VA-2020-1002

Apr. 17, 2020

CVE-2020-10639
CVE-2020-10637

Multiple security vulnerabilities in HMiSoft VU3

HMiSoft VU3 v 3.00.23 & prior (HMIVU runtime is not impacted)

PDF

ETN-SB-2020-1001

Jun. 10, 2020

CVE-2020-6996

Stack-based buffer overflow in Triangle Microworks DNP3 Library

Form 4D recloser control, CL-7 voltage regulator control, Grid Advisor Series II smart sensor, CBC-8000, PXM 4/6/8K, SMP SG-4250, SMP SG-4260, SMP 4/DP, SMP 16, SMP 4

PDF

ETN-SB-2020-1000

Feb. 5, 2020

CVE-2017-2780
CVE-2017-2781

Buffer overflow in the X509 certificate parsing functionality

SMP SG-4250, SMP SG-4260, SMP 16, SMP 4 and SMP 4/DP with:

  • All 8.0 versions previous to 8.0R5
  • All 7.2 versions previous to 7.2R5
  • All 7.1 versions previous to 7.1R5
  • All 7.0 versions
  • All 6.3 versions previous to 6.3R7

PDF

ETN-VA-2019-1005

Oct. 15, 2019

NA

CGLine Security Advisory

CGLine + Web Controller v Z1000.h and earlier
CGVision v 6.02 to 6.40

PDF

ETN-VA-2019-1004

Sep. 10, 2019

CVE-2013-2566,
CVE-2014-3566,
CVE-2015-2808, CVE-2015-4000,
CVE-2016-0800,
CVE-2016-2183,
CVE-2016-6329

Insecure and weak cipher suites supported by SSL certificate used for Intelligent Power Protector

Intelligent Power Protector (IPP) v1.61 and prior

PDF

ETN-SB-2019-1000

June 5, 2019

CVE-2019-0708

Remote code execution issue reported in Remote Desktop Services of Windows, termed BlueKeep

Eaton products are not directly affected

PDF

ETN-VA-2019-1002

May 14, 2019

CVE-2019-5625

Halo Home Smart Lighting mobile app affected by insecure data storage and insecure direct object reference security issues

Halo Home Smart Lighting Mobile App (Android & iOS) v1.9.0 and prior

PDF

ETN-VA-2019-1003

Aug. 14, 2019

NA

Multiple security vulnerabilities identified

EasySoft v6.9 and prior

PDF

ETN-VA-2019-1001

Jan. 16, 2019

CVE-2018-12031

Local file inclusion allows an attacker to include a file via directory traversal with the firmware parameter in a download firmware action

Intelligent Power Manager (IPM) v1.62 and prior

PDF

ETN-SB-2018-1008

Dec. 12, 2018

CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

WannaCry ransomware infection reported in Eaton PLC XP 503

XP 503

PDF

ETN-VA-2018-1007

Dec. 5, 2018

NA

Cross-site scripting (XSS) vulnerability reported in xComfort Smart Home Controller-7.5

xComfort Smart Home Controller SHC-7.5-2.3.2

PDF

ETN-VA-2018-1006

Oct. 15, 2018

CVE-2018-9279, CVE-2018-9280, CVE-2018-9281

Multiple vulnerabilities in Network MS card

Network MS card version LA and prior

PDF

ETN-VA-2018-1005

Aug. 27, 2018

NA

Product shipped with a public/private key pair on Power Xpert Meter hardware that allows passwordless authentication to any accessible Power Xpert Meter

Power Xpert Meters 4000/6000/8000 v13.3 and prior

PDF

ETN-VA-2018-1004

June 26, 2018

CVE-2018-8847

Multiple vulnerabilities reported in Eaton 9000X drive

9000X drives v2.0.29 and prior

PDF

ETN-VA-2018-1003

Feb. 15, 2018

CVE-2018-7511

Improper input validation can lead to remote code execution in ELC Soft software

Eaton Logic Controller Software (ELC Soft) v2.04.02 and prior

PDF

ETN-SB-2018-1000

Apr. 18, 2018

CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

WannaCry security bulletin for Eaton's XC/XV and similar products

XC/XV device family

PDF

ETN-SB-2018-1001

Apr. 5, 2018

CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

WannaCry security bulletin for Eaton's XP device family

XP device family

PDF

ETN-SB-2018-1002

Feb. 26, 2018

CVE-2017-5754

Meltdown and Spectre security bulletin for XV/XC/XP device family

XV/XC/XP device family

PDF

ETN-VA-2017-1001

Feb. 28, 2017

CVE-2016-9368

Unauthenticated access to backup and log files in xComfort ethernet communication interface card

xComfort ECI1.07 and prior

PDF

ETN-SB-2017-1000

July 10, 2017

CVE-2017-0144, CVE-2017-0145

Petya ransomware security bulletin for Eaton customers

None of the Eaton Products are directly impacted

PDF

ETN-VA-2016-1002

Nov. 15, 2016

CVE-2016-9357

Authentication bypass vulnerability leading to privilege escalation

Eaton ePDU G2 v 01.01.0011

PDF

ETN-VA-2016-1001

June 1, 2016

CVE-2016-4509
CVE-2016-4512

Heap-based memory corruption and stack-based buffer overflow security issues in Eaton ELC software

Eaton Logic Controller Software (ELC Soft) v2.04.01 and prior

PDF

ETN-VA-2016-1000

Feb. 16, 2016

CVE-2016-2272
CVE-2016-0871

Authentication bypass using multiple security issues in Eaton iLight and iLumin products

iLumin EG2-NA
iLight EG2 v4.04p and prior

PDF

ETN-VA-2015-1003

Oct. 1, 2015

CVE-2014-9196

Predictable TCP sequence vulnerability in Eaton's Cooper Power Systems Form 6 controls and Idea/IdeaPLUS relays with ethernet application

Form 6 control
Idea/IdeaPLUS relays
(Pro View 4.0 through Pro View 5.0 software)

PDF

ETN-SB-2015-1002

Jan. 22, 2015

CVE-2015-0235

Security bulletin for GHOST, a buffer overflow bug affecting function calls in the glibc library that could potentially allow remote code execution

Multiple Eaton products

PDF

ETN-VA-2015-1001

May 14, 2015

NA

Arbitrary code execution in Eaton's visual designer

Multiple Eaton products

PDF

ETN-SB-2015-1000

Feb. 2, 2015

CVE-2014-9295

Network Time Protocol (NTP) 2.4.7 vulnerability

Power Xpert Gateway models:
• PXG 200E
• PXG 400E
• PXG 600E
• PXG 800E

PDF
