cbcvebase.

Eaton Ipp Software vulnerabilities

5 known vulnerabilities affecting eaton/ipp_software.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4

Vulnerabilities

Page 1 of 1
CVE-2026-22619P2CRITICALCVSS 9.9fixed in 2.02026-04-16
CVE-2026-22619 [CRITICAL] CWE-427 CVE-2026-22619: Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, w Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.
nvd
CVE-2026-22615P3HIGHCVSS 7.2fixed in 2.02026-04-16
CVE-2026-22615 [HIGH] CWE-20 CVE-2026-22615: Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is po Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton
nvd
CVE-2026-22616P3HIGHCVSS 7.5fixed in 2.02026-04-16
CVE-2026-22616 [HIGH] CWE-307 CVE-2026-22616: Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.
nvd
CVE-2026-22617P3HIGHCVSS 7.4fixed in 2.02026-04-16
CVE-2026-22617 [HIGH] CWE-614 CVE-2026-22617: Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a n Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
nvd
CVE-2026-22618P4HIGHCVSS 7.1fixed in 2.02026-04-16
CVE-2026-22618 [HIGH] CWE-358 CVE-2026-22618: A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
nvd
Eaton Ipp Software vulnerabilities | cvebase