Primary

Context

Eaton Firmware Upgrade Server Identity Check Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in the server identity check mechanism for firmware upgrades conducted through the command shell. The implementation is insecure, potentially enabling an attacker to execute a man-in-the-middle attack. This issue has been addressed in the latest version available on the Eaton Download Center.

Impact

Exploitation of this vulnerability could lead to unauthorized interception and manipulation of firmware upgrade processes, allowing an attacker to introduce malicious firmware or disrupt the upgrade process.

Remediation

Users are advised to update to the latest version available on the Eaton Download Center.

Added: Aug 6, 2025, 4:26 PM

Updated: Aug 6, 2025, 4:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

5.9

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

5.0

exploitability

5.9

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Eaton Firmware Upgrade Server Identity Check Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Impact

Remediation

Affected Products

Eaton

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating