Primary

Context

Eaton Intelligent Power Protector Improper Input Validation Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A vulnerability exists in Eaton Intelligent Power Protector (IPP) due to improper input validation in the XML handling. This issue allows an attacker with admin privileges and local system access to inject malicious code, leading to arbitrary command execution. The vulnerability has been addressed in the latest version of the Eaton IPP software, available for download from the Eaton download center.

Impact

Exploitation of this vulnerability could result in unauthorized arbitrary command execution on the affected system.

Remediation

Users are advised to update to the latest version of Eaton Intelligent Power Protector software, available on the Eaton download center.

Added: Apr 16, 2026, 5:31 AM

Updated: Apr 16, 2026, 5:31 AM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

2.8

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

10.0

exploitability

2.8

remediation

0.0

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Eaton Intelligent Power Protector Improper Input Validation Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Impact

Remediation

Affected Products

Eaton Intelligent Power Protector

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating