Notification ID |
Date |
CVE-ID |
Summary |
Affected Eaton Product(s) and Version(s) |
Download |
ETN-VA-2022-1008 | 07 July 2023 | - | Security issue in SMP Gateway automation platform |
|
|
ETN-VA-2023-1008 | 01 June 2023 | - | Vulnerability identified in Eaton's SecureConnect | Eaton SecureConnect | |
ETN-SB-2022-1004 | 22 May 2023 | Multiple CVEs | Updated Codesys Security Advisory |
|
|
ETN-SB-2020-1008 | 17 March 2023 | Multiple (See the advisory) | Multiple security vulnerabilities termed "Ripple20" impacting Treck Inc.'s TCP/IP stack | CL-7 voltage regulator control
Network Management Card Mini slot (NMC/Network-MS) card
Modbus-MS card
|
Date |
CVE-ID |
Summary |
Affected Eaton Product(s) and Version(s) |
Download |
|
ETN-SB-2022-1011 | 12 December 2022 | CVE-2022-33861, CVE-2022-33862 | Security Vulnerabilities in IPP versions | All IPP versions released prior to 1.71 | |
ETN-SB-2022-1012 | 29 November 2022 | CVE-2022-3786, CVE-2022-3602 | OpenSSL v3.0 vulnerabilities | No Eaton products impacted | |
ETN-VA-2022-1007 | 12 Oct 2022 | CVE-2022-33859 | Update on Foreseer EPMS Vulnerabilities |
|
|
ETN-SB-2022-1005 | 22 April 2022 | - | Security Bulletin for Pipedream CISA Alert: AA22-103A |
|
|
ETN-SB-2022-1003 | 15 July 2022 | CVE-2022-22963, CVE-2022-22965 | SpringShell Update |
|
|
ETN-SB-2022-1002 | 25 April 2022 | Alert | APT Group Activity Alert |
|
|
ETN-SB-2022-1001 | 16 March 2022 | CVE-2022-22805, CVE-2022-22807, CVE-2022-0715 |
Vulnerabilities termed as TLStorm, their impact to Eaton products |
|
Notification ID |
Date |
CVE-ID |
Summary |
Affected Eaton Product(s) and Version(s) |
Download |
ETN-VA-2021-1001c | 10- Apr-2022 | CVE-2021-23284 CVE-2021-23285 CVE-2021-23286 |
IPM Infra Security Notifications |
|
|
ETN-VA-2021-1001a | 1-Mar-22 | CVE-2021-23282 | IPM Security Notifications |
|
|
ETN-VA-2021-1001b | 1-Mar-22 | CVE-2021-23283 | IPP Security Notifications |
|
|
ETN-VA-2021-1002a | 1-Mar-22 | CVE-2021-23287 | IPM Security Notifications |
|
|
ETN-VA-2021-1002b | 1-Mar-22 | CVE-2021-23288 | IPP Security Notifications |
|
|
ETN-SB-2021-1004 | 10- Feb-2022 | 2021-31400 2021-31401 2020-35683 2020-35684 2020-35685 |
EC4P Security Bulletin with EOL Notification |
|
|
ETN-SB-2021-1006 | 14-Feb-2022 | CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 |
Update on Critical Vulnerabilities reported in Apache log4j2 |
|
|
ETN-VA-2021-1000 | Apr 12, 2021 | CVE-2021-23276 CVE-2021-23277 CVE-2021-23278 CVE-2021-23279 CVE-2021-23280 CVE-2021-23281 |
Multiple security issues including SQLi, Code injection, Eval injection. |
|
Notification ID |
Date |
CVE-ID |
Summary |
Affected Eaton Product(s) and Version(s) |
Download |
ETN-SB-2020-1011 | Mar 4, 2021 | CVE-2020-14509, CVE-2020-14517, CVE-2020-14519, CVE-2020-14513, CVE-2020-14515, CVE-2020-16233 | Multiple security vulnerabilities in Wibu-Systems AG Codemeter Runtime affecting Codesys products. |
|
|
ETN-VA-2020-1009 |
Jan 21, 2021 |
CVE-2020-6655, CVE-2020-6656 |
Multiple security issues in Eaton's easySoft Software | v7.xx before 7.22 | |
ETN-SB-2020-1013 |
Dec 17, 2020 |
Multiple (See Advisory) |
Vulnerabilities impacting multiple embedded TCP/IP stacks termed AMNESIA:33 | Refer advisory | |
ETN-SB-2020-1001 | Oct. 05, 2020 |
CVE-2020-6996 | Stack based buffer overflow in Triangle Microworks DNP3 Library | Affected Eaton Products & Versions - Form 4D recloser control, CL-7 voltage regulator control, Grid Advisor Series II smart sensor, CBC-8000, PXM 4/6/8K, SMP SG-4250, SMP SG-4260, SMP 4/DP, SMP 16, SMP 4 | |
ETN-VA-2020-1007 | Sep 22, 2020 | CVE-2020-6654 | Application susceptible to DLL Hijacking vulnerability |
|
|
ETN-VA-2020-1005 | Aug 12, 2020 | CVE-2020-6653 | Information disclosure through logcat file | Secure Connect Mobile app v1.7.3 & Prior |
|
ETN-SB-2020-1006 | Aug 4 2020 | CVE-2019-13470 | MatrixSSL security vulnerability |
|
|
ETN-VA-2020-1004 | May 4, 2020 |
CVE-2020-6651 CVE-2020-6652 |
Improper input validation and improper privilege assignment vulnerabilities. | Intelligent Power Manager (IPM) v1.67 & prior | |
ETN-VA-2020-1002 | Apr. 17, 2020 | CVE-2020-10639, CVE-2020-10637 | Multiple Security vulnerabilities in HMi Soft VU3 | HMiSoft VU3 v 3.00.23 & prior (HMIVU runtime is not impacted) | |
ETN-VA-2020-1003 |
Mar. 20, 2020 |
CVE-2020-6650 |
Arbitrary code execution through "Update Manager" Class |
Eaton UPS Companion Software v 1.05 & Prior |
|
ETN-SB-2020-1000 |
Feb. 5, 2020 |
CVE-2017-2780 |
Buffer overflow in the X509 certificate parsing functionality |
SMP SG-4250, SMP SG-4260, SMP 16, SMP 4 and SMP 4/DP with
|
|
Notification ID |
Date |
CVE ID |
Summary |
Affected Eaton Product(s) and Version(s) |
Download |
ETN-VA-2019-1005 |
Oct. 15, 2019 |
NA |
CGLine Security Advisory |
CGLine + Web Controller v Z1000.h and earlier |
|
ETN-VA-2019-1004 |
Sep. 10, 2019 |
CVE-2013-2566, |
Insecure and weak cipher suites supported by SSL certificate used for Intelligent Power Protector |
Intelligent Power Protector (IPP) v1.61 and prior |
|
ETN-SB-2019-1000 |
June 5, 2019 |
CVE-2019-0708 |
Remote code execution issue reported in remote desktop services of Windows termed as BlueKeep |
Eaton products are not directly affected |
|
ETN-VA-2019-1002 |
May 14, 2019 |
CVE-2019-5625 |
Halo Home Smart Lighting mobile app affected by insecure data storage and insecure direct object reference security issues |
Halo Home Smart Lighting Mobile App (Android & iOS) v1.9.0 and prior |
|
ETN-VA-2019-1003 |
Aug. 14, 2019 |
NA |
Multiple security vulnerabilities identified |
EasySoft v6.9 and prior |
|
ETN-VA-2019-1001 |
Jan. 16, 2019 |
CVE-2018-12031 |
Local file inclusion allows an attacker to include a file via directory traversal with the firmware parameter in a download firmware action |
Intelligent Power Manager (IPM) v1.62 and prior |
Notification ID |
Date |
CVE-ID |
Summary |
Affected Eaton Product(s) and Version(s) |
Download |
ETN-SB-2018-1008 |
Dec. 12, 2018 |
CVE-2017-0143, |
Wannacry ransomware infection reported in Eaton PLC XP 503 |
XP 503 |
|
ETN-VA-2018-1007 |
Dec. 5, 2018 |
NA |
Cross site scripting (XSS) vulnerability reported in xComfort Smart Home Controller-7.5 |
xComfort Smart Home Controller SHC-7.5-2.3.2 |
|
ETN-VA-2018-1006 |
Oct. 15, 2018 |
CVE-2018-9279 CVE-2018-9280 CVE-2018-9281 |
Multiple vulnerabilities in Network MS card |
Network MS card version LA and prior |
|
ETN-VA-2018-1005 |
Aug. 27, 2018 |
NA |
Product shipped with a public/private key pair on Power Xpert Meter hardware that allows passwordless authentication to any accessible Power Xpert Meter |
Power Xpert Meters 4000/6000/8000 v13.3 and prior |
|
ETN-VA-2018-1004 |
June 26, 2018 |
CVE-2018-8847 |
Multiple vulnerabilities reported in Eaton 9000X drive |
9000X drives v2.0.29 and prior |
|
ETN-VA-2018-1003 |
Feb. 15, 2018 |
CVE-2018-7511 |
Improper input validation can lead to remote code execution in ELC Soft software |
Eaton Logic Controller Software (ELC Soft) v2.04.02 and prior |
|
ETN-SB-2018-1000 |
Apr. 18, 2018 |
CVE-2017-0143, |
WannaCry security bulletin for Eaton's XC/XV and similar products |
XC/XV device family |
|
ETN-SB-2018-1001 |
Apr. 5, 2018 |
CVE-2017-0143, |
Wannacry security bulletin for Eaton's XP device family |
XP device family |
|
ETN-SB-2018-1002 |
Feb. 26, 2018 |
CVE-2017-5754 |
Meltdown and Spectre security bulletin for XV/XC/XP device family |
XV/XC/XP device family |
(PDF 425 KB)
(PDF 147 KB)
()
(PDF 42 KB)
(PDF 49 KB)
(PDF 80 KB)
(PDF 747 KB)
(PDF 53 KB)
ePDU vulnerabilty ICS-VU-148812 communications—external website
(PDF 41 KB)
(PDF 49 KB)
(PDF 56 KB)
Multiple security vulnerabilities in Treck TCP/IP stack.
(PDF 96 KB)
(PDF 125 KB)
(PDF 77 KB)
(PDF 145 KB)
(PDF 57 KB)
(PDF 60 KB)
(PDF 78 KB)
(PDF 78 KB)
(PDF 78 KB)