Filtered by vendor Eaton Subscriptions
Total 46 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-6471 1 Eaton 1 Proview 2024-11-21 N/A
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.
CVE-2014-9196 1 Eaton 1 Proview 2024-11-21 N/A
Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 controls and Idea and IdeaPLUS relays generates TCP initial sequence number (ISN) values linearly, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
CVE-2008-6816 1 Eaton 1 Network Shutdown Module 2024-11-21 N/A
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
CVE-2024-31416 1 Eaton 1 Foreseer Electrical Power Monitoring System 2024-09-19 5.6 Medium
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.
CVE-2024-31415 1 Eaton 1 Foreseer Electrical Power Monitoring System 2024-09-19 6.3 Medium
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store these configurations securely on the host machine. However, the keys used for this encryption were insecurely stored, which could be abused to possibly change or remove the server configuration.
CVE-2024-31414 1 Eaton 1 Foreseer Electrical Power Monitoring System 2024-09-19 6.7 Medium
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sanitization on the server-side, which could lead to injection and execution of malicious scripts when abused by bad actors.