Skip to main content

Ipp Software

5 CVEs product

Monthly

CVE-2026-22619 HIGH PATCH This Week

Arbitrary code execution in Eaton Intelligent Power Protector (IPP) software via insecure library loading allows local authenticated attackers with low privileges to execute code with elevated integrity impact across security boundaries. Attack complexity is high, requiring the attacker to have access to the software package installation files. EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis. Eaton has released a patched version available through their download center.

RCE Ipp Software
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-22618 MEDIUM PATCH This Month

Insecure HTTP response header configuration in Eaton Intelligent Power Protector (IPP) software enables attackers to perform web-based attacks including information disclosure and content modification. The vulnerability requires network access, unusual attack complexity, and user interaction (CVSS AV:N/AC:H/PR:N/UI:R), affecting all versions of IPP software prior to the patched release. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Ipp Software
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-22617 MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software uses insecure cookie configuration that allows network attackers to intercept session cookies via man-in-the-middle attack when high-privilege users interact with the application. CVSS 5.7 reflects the requirement for high privileges and user interaction, combined with high confidentiality and integrity impact. Eaton has released a patched version available on their download center.

Information Disclosure Ipp Software
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-22616 MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software allows brute-force credential attacks against the web interface login page due to missing rate-limiting controls, enabling remote attackers to enumerate valid credentials and gain unauthorized access without authentication. CVSS 6.5 reflects moderate confidentiality and integrity impact via network access. Eaton has released a patched version available from their download center.

Information Disclosure Ipp Software
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22615 MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software allows authenticated administrators with local system access to execute arbitrary commands via XML input validation bypass, requiring user interaction. The vulnerability impacts all versions of IPP software prior to the latest patched release available on Eaton's download center. CVSS score of 6.0 reflects high integrity and availability impact but is constrained by elevated privilege requirements and high attack complexity.

RCE Ipp Software
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in Eaton Intelligent Power Protector (IPP) software via insecure library loading allows local authenticated attackers with low privileges to execute code with elevated integrity impact across security boundaries. Attack complexity is high, requiring the attacker to have access to the software package installation files. EPSS data unavailable; no CISA KEV listing or public POC identified at time of analysis. Eaton has released a patched version available through their download center.

RCE Ipp Software
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Insecure HTTP response header configuration in Eaton Intelligent Power Protector (IPP) software enables attackers to perform web-based attacks including information disclosure and content modification. The vulnerability requires network access, unusual attack complexity, and user interaction (CVSS AV:N/AC:H/PR:N/UI:R), affecting all versions of IPP software prior to the patched release. No public exploit code or active exploitation has been identified at time of analysis.

Information Disclosure Ipp Software
NVD
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software uses insecure cookie configuration that allows network attackers to intercept session cookies via man-in-the-middle attack when high-privilege users interact with the application. CVSS 5.7 reflects the requirement for high privileges and user interaction, combined with high confidentiality and integrity impact. Eaton has released a patched version available on their download center.

Information Disclosure Ipp Software
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software allows brute-force credential attacks against the web interface login page due to missing rate-limiting controls, enabling remote attackers to enumerate valid credentials and gain unauthorized access without authentication. CVSS 6.5 reflects moderate confidentiality and integrity impact via network access. Eaton has released a patched version available from their download center.

Information Disclosure Ipp Software
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Eaton Intelligent Power Protector (IPP) software allows authenticated administrators with local system access to execute arbitrary commands via XML input validation bypass, requiring user interaction. The vulnerability impacts all versions of IPP software prior to the latest patched release available on Eaton's download center. CVSS score of 6.0 reflects high integrity and availability impact but is constrained by elevated privilege requirements and high attack complexity.

RCE Ipp Software
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy