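Security notifications

Our team of cybersecurity experts provides guidance to help you address potential security threats or vulnerabilities affecting Eaton products and solutions.
Cybersecurity notifications are available in English only.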

Notification ID

Date

CVE-ID

Summary

Affected Eaton Product(s) and Version(s)

Download

ETN-VA-2022-1008 07 July 2023 - Security issue in SMP Gateway automation platform
  • SMP SG-4260
  • SMP SG-4250
  • SMP 4/DP
  • SMP 16
PDF
ETN-VA-2023-1008 01 June 2023 - Vulnerability identified in Eaton's SecureConnect Eaton SecureConnect PDF
ETN-SB-2022-1004 22 May 2023 Multiple CVEs Updated Codesys Security Advisory
  • Form 7 recloser control
  • Proview NXG
  • XSOFT-CODESYS
  • XV103 (CEAG)
  • XC104
  • XC204
  • XC303
PDF
ETN-SB-2020-1008 17 March 2023 Multiple (See the advisory) Multiple security vulnerabilities termed "Ripple20" impacting Treck Inc.'s TCP/IP stack

CL-7 voltage regulator control
Form 4D recloser control
Form 6 recloser control
Edison Idea and IdeaPLUS relays (all variants)
Eaton G3/G3+ ePDU

  • Metered Input PDU
  • Metered Outlet PDU
  • Managed PDU
  • High Density PDU

Network Management Card Mini slot (NMC/Network-MS) card

  • Uninterrupted Power Supply (UPSs) with Network-MS card
  • Automatic Transfer Switch (ATS16) with Network-MS card

Modbus-MS card

  • Uninterrupted Power Supply (UPSs) with Modbus-MS card
PDF

ETN-SB-2022-1011 12 December 2022 CVE-2022-33861, CVE-2022-33862 Security Vulnerabilities in IPP versions All IPP versions released prior to 1.71 PDF
ETN-SB-2022-1012 29 November 2022 CVE-2022-3786, CVE-2022-3602 OpenSSL v3.0 vulnerabilities No Eaton products impacted PDF
ETN-VA-2022-1007 12 Oct 2022 CVE-2022-33859 Update on Foreseer EPMS Vulnerabilities
  • Foreseer EPMS versions 4.x, 5.x, 6.x and 7.0 to 7.5.
PDF     
ETN-SB-2022-1005 22 April 2022 - Security Bulletin for Pipedream CISA Alert: AA22-103A
  • None of the Eaton Products are directly impacted
PDF     
ETN-SB-2022-1003 15 July 2022 CVE-2022-22963, CVE-2022-22965 SpringShell Update
  • Yukon Multiple versions
PDF     
ETN-SB-2022-1002 25 April 2022 Alert APT Group Activity Alert
  • Refer to the bulletin for additional information
PDF     
ETN-SB-2022-1001 16 March 2022 CVE-2022-22805,
CVE-2022-22807,
CVE-2022-0715
Vulnerabilities termed as TLStorm, their impact to Eaton products
  • None
PDF     

ETN-VA-2021-1001c 10-Apr-2022 CVE-2021-23284
CVE-2021-23285
CVE-2021-23286
IPM Infra Security Notifications
  • IPM Infrastructure
PDF     
ETN-VA-2021-1001a 1-Mar-22 CVE-2021-23282 IPM Security Notifications
  • IPM
PDF     
ETN-VA-2021-1001b 1-Mar-22 CVE-2021-23283 IPP Security Notifications
  • IPP
PDF     
ETN-VA-2021-1002a 1-Mar-22 CVE-2021-23287 IPM Security Notifications
  • IPM
PDF     
ETN-VA-2021-1002b 1-Mar-22 CVE-2021-23288 IPP Security Notifications
  • IPP
PDF     
ETN-SB-2021-1004 10-Feb-2022 2021-31400
2021-31401
2020-35683
2020-35684
2020-35685
EC4P Security Bulletin with EOL Notification
  • EC4P-222…
PDF     
ETN-SB-2021-1006 14-Feb-2022 CVE-2021-44228
CVE-2021-45046
CVE-2021-45105
CVE-2021-44832
Update on Critical Vulnerabilities reported in Apache log4j2
  • Updated Notification
PDF     
ETN-VA-2021-1000 Apr 12, 2021 CVE-2021-23276
CVE-2021-23277
CVE-2021-23278
CVE-2021-23279
CVE-2021-23280
CVE-2021-23281
Multiple security issues including SQLi, Code injection, Eval injection.
  • IPM v1.68, IPM VA v1.68, IPP v1.67
PDF     

ETN-SB-2020-1011 Mar 4, 2021 CVE-2020-14509, CVE-2020-14517, CVE-2020-14519, CVE-2020-14513, CVE-2020-14515, CVE-2020-16233 Multiple security vulnerabilities in Wibu-Systems AG Codemeter Runtime affecting Codesys products.
  • XSOFT CODESYS Development System
PDF     
ETN-VA-2020-1009

Jan 21, 2021

CVE-2020-6655, CVE-2020-6656

Multiple security issues in Eaton's easySoft Software v7.xx before 7.22 PDF
ETN-SB-2020-1013

Dec 17, 2020

Multiple (See Advisory)

Vulnerabilities impacting multiple embedded TCP/IP stacks termed AMNESIA:33 Refer advisory PDF
ETN-SB-2020-1001 Oct. 05, 2020

CVE-2020-6996 Stack based buffer overflow in Triangle Microworks DNP3 Library Affected Eaton Products & Versions - Form 4D recloser control, CL-7 voltage regulator control, Grid Advisor Series II smart sensor, CBC-8000, PXM 4/6/8K, SMP SG-4250, SMP SG-4260, SMP 4/DP, SMP 16, SMP 4 

PDF

ETN-VA-2020-1007 Sep 22, 2020 CVE-2020-6654 Application susceptible to DLL Hijacking vulnerability
  • 9000x programming and configuration software v2.0.38 & prior
PDF
ETN-VA-2020-1005 Aug 12, 2020 CVE-2020-6653 Information disclosure through logcat file

Secure Connect Mobile app v1.7.3 & Prior

PDF

ETN-SB-2020-1006 Aug 4 2020 CVE-2019-13470 MatrixSSL security vulnerability
  • SMP 4/DP – All 6.3, 7.0, 7.1, 7.2 versions and all 8.0 versions before 8.0R6  
  • SMP SG-4250 and SMP SG-4260 – All 7.0, 7.1, 7.2 versions and all 8.0 versions before 8.0R6 
  • SMP 16 – All 6.3, 7.0, 7.1, 7.2
PDF
ETN-VA-2020-1004 May 4, 2020

CVE-2020-6651

CVE-2020-6652
Improper input validation and improper privilege assignment vulnerabilities. Intelligent Power Manager (IPM) v1.67 & prior

PDF

ETN-VA-2020-1002 Apr. 17, 2020 CVE-2020-10639, CVE-2020-10637 Multiple Security vulnerabilities in HMi Soft VU3 HMiSoft VU3 v 3.00.23 & prior (HMIVU runtime is not impacted)

PDF

ETN-VA-2020-1003

Mar. 20, 2020

CVE-2020-6650

Arbitrary code execution through "Update Manager" Class

Eaton UPS Companion Software v 1.05 & Prior

PDF

ETN-SB-2020-1000

Feb. 5, 2020

CVE-2017-2780
CVE-2017-2781

Buffer overflow in the X509 certificate parsing functionality

SMP SG-4250, SMP SG-4260, SMP 16, SMP 4 and SMP  4/DP with

  • All 8.0 versions previous to 8.0R5
  • All 7.2 versions previous to 7.2R5
  • All 7.1 versions previous to 7.1R5
  • All 7.0 versions
  • All 6.3 versions previous to 6.3R7

PDF

           

ETN-VA-2019-1005

Oct. 15, 2019

NA

CGLine Security Advisory

CGLine + Web Controller v Z1000.h and earlier
CGVision v 6.02 to 6.40

PDF

ETN-VA-2019-1004

Sep. 10, 2019

CVE-2013-2566,
CVE-2014-3566,
CVE-2015-2808, CVE-2015-4000,
CVE-2016-0800,
CVE-2016-2183,
CVE-2016-6329

Insecure and weak cipher suites supported by SSL certificate used for Intelligent Power Protector

Intelligent Power Protector (IPP) v1.61 and prior

PDF

ETN-SB-2019-1000

June 5, 2019

CVE-2019-0708

Remote code execution issue reported in remote desktop services of Windows termed as BlueKeep

Eaton products are not directly affected

PDF

ETN-VA-2019-1002

May 14, 2019

CVE-2019-5625

Halo Home Smart Lighting mobile app affected by insecure data storage and insecure direct object reference security issues

Halo Home Smart Lighting Mobile App (Android & iOS) v1.9.0 and prior

PDF

ETN-VA-2019-1003

Aug. 14, 2019

NA

Multiple security vulnerabilities identified

EasySoft v6.9 and prior

PDF

ETN-VA-2019-1001

Jan. 16, 2019

CVE-2018-12031

Local file inclusion allows an attacker to include a file via directory traversal with the firmware parameter in a download firmware action

Intelligent Power Manager (IPM) v1.62 and prior

PDF


ETN-SB-2018-1008

Dec. 12, 2018

CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

WannaCry ransomware infection reported in Eaton PLC XP 503

XP 503

PDF

ETN-VA-2018-1007

Dec. 5, 2018

NA

Cross site scripting (XSS) vulnerability reported in xComfort Smart Home Controller-7.5

xComfort Smart Home Controller SHC-7.5-2.3.2

PDF

ETN-VA-2018-1006

Oct. 15, 2018

CVE-2018-9279 CVE-2018-9280 CVE-2018-9281

Multiple vulnerabilities in Network MS card

Network MS card  version LA and prior

PDF

ETN-VA-2018-1005

Aug. 27, 2018

NA

Product shipped with a public/private key pair on Power Xpert Meter hardware that allows  passwordless authentication to any accessible Power Xpert Meter

Power Xpert Meters 4000/6000/8000 v13.3 and prior

PDF

ETN-VA-2018-1004

June 26, 2018

CVE-2018-8847

Multiple vulnerabilities reported in Eaton 9000X drive

9000X drives v2.0.29 and prior

PDF

ETN-VA-2018-1003

Feb. 15, 2018

CVE-2018-7511

Improper input validation can lead to remote code execution in ELC Soft software

Eaton Logic Controller Software (ELC Soft) v2.04.02 and prior

PDF

ETN-SB-2018-1000

Apr. 18, 2018

CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

WannaCry security bulletin for Eaton's XC/XV and similar products

XC/XV device family

PDF

ETN-SB-2018-1001

Apr. 5, 2018

CVE-2017-0143,
CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

WannaCry security bulletin for Eaton's XP device family

XP device family

PDF

ETN-SB-2018-1002

Feb. 26, 2018

CVE-2017-5754

Meltdown and Spectre security bulletin for XV/XC/XP device family

XV/XC/XP device family

PDF
