Eaton Network-M2 Improper Input Validation Vulnerability in NTP Server Configuration Allowing Command Execution

Vulnerability

An improper input validation vulnerability has been identified in the NTP server configuration field of Eaton's Network-M2 card. This issue could enable an authenticated user with high privileges to execute arbitrary commands. The vulnerability has been addressed in version 3.0.4. Note, however, that the Network-M2 card has been declared end-of-life as of early 2024, with the Network-M3 card released as a fit-and-functional replacement.

Impact

Exploitation of this vulnerability could allow an authenticated high-privileged user to execute arbitrary commands on the affected device.

Remediation

Users can upgrade to version 3.0.4 to address this vulnerability. For those using the Network-M2 card, consider transitioning to the Network-M3 card, which is available as a fit-and-functional replacement.
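
For teams reviewing their own device-management code for the same class of flaw, the following is an added example, not Eaton's code or its fix: an allowlist validator for an NTP server field. The function names and the sample values are constructed for illustration, and it assumes the field should hold only a host name or an IP literal.

```python
import ipaddress
import re

# Allowlist applied before any parsing: host-name characters plus ':' for IPv6.
# '%' is deliberately excluded, because Python's ipaddress accepts an IPv6
# scope ID ("fe80::1%<anything>") and does not restrict the text after '%'.
_CHARSET = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# RFC 1123 label: alphanumeric at both ends, hyphens only inside, max 63 chars.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def validate_ntp_server(value):
    """Return a canonical host name or IP literal, or raise ValueError."""
    if not isinstance(value, str) or not _CHARSET.fullmatch(value):
        raise ValueError("NTP server contains characters outside the allowlist")
    try:
        # IPv4 and IPv6 literals are returned in canonical text form.
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    labels = value.split(".")
    # Every label must be well formed; a leading '-' (option injection) fails
    # here, and an all-numeric last label means a malformed IPv4 address.
    if all(_LABEL.fullmatch(label) for label in labels) and not labels[-1].isdigit():
        return value.lower()
    raise ValueError("NTP server is neither an IP literal nor a valid host name")


def classify(values):
    """Split candidate field values into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for v in values:
        try:
            accepted.append(validate_ntp_server(v))
        except ValueError:
            rejected.append(v)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = ["pool.ntp.org", "192.0.2.10", "2001:DB8::1",
               "time.example.com; reboot", "fe80::1%eth0",
               "-x.example.com", "1.2.3.999", "ntp.example.com\n"]
    ok, bad = classify(samples)
    print("accepted:", ok)
    print("rejected:", bad)
```

Validation of this kind complements, and does not replace, passing the value to any downstream program as a single argument rather than through a shell.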

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.