Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Foreseer EPMS by Eaton

    CVE-2022-33859 (GCVE-0-2022-33859)

    Vulnerability from nvd – Published: 2022-10-28 01:15 – Updated: 2025-05-06 19:40
    VLAI
    Title
    Unrestricted file upload in Eaton Foreseer EPMS
    Summary
    A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html .
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File
    Assigner
    Impacted products
    Vendor Product Version
    Eaton Foreseer EPMS Affected: 7.0
    Affected: 4.0
    Create a notification for this product.
    Date Public
    2022-12-13 12:48
    Credits
    Michael
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.695Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-33859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T19:40:16.330230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T19:40:37.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Foreseer EPMS",
              "vendor": "Eaton",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "4.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Michael"
            }
          ],
          "datePublic": "2022-12-13T12:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation\u2019s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. \u003cbr\u003e\u003cbr\u003eThis vulnerability is present in versions 4.x, 5.x, 6.x \u0026amp; 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. \u003cbr\u003e\u003cbr\u003eCustomers are advised to update the software to the latest version (v7.6).\u003cbr\u003e\u003cbr\u003eForeseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please\u0026nbsp;refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html\"\u003eEnd-of-Support notification\u003c/a\u003e."
                }
              ],
              "value": "A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation\u2019s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. \n\nThis vulnerability is present in versions 4.x, 5.x, 6.x \u0026 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. \n\nCustomers are advised to update the software to the latest version (v7.6).\n\nForeseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please\u00a0refer to the  End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html ."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-18T06:20:11.855Z",
            "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
            "shortName": "Eaton"
          },
          "references": [
            {
              "name": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html",
              "url": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html"
            }
          ],
          "source": {
            "advisory": "ETN",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted file upload in Eaton Foreseer EPMS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "assignerShortName": "Eaton",
        "cveId": "CVE-2022-33859",
        "datePublished": "2022-10-28T01:15:03.902Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2025-05-06T19:40:37.059Z",
        "serial": 1,
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33859 (GCVE-0-2022-33859)

    Vulnerability from cvelistv5 – Published: 2022-10-28 01:15 – Updated: 2025-05-06 19:40
    VLAI
    Title
    Unrestricted file upload in Eaton Foreseer EPMS
    Summary
    A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html .
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File
    Assigner
    Impacted products
    Vendor Product Version
    Eaton Foreseer EPMS Affected: 7.0
    Affected: 4.0
    Create a notification for this product.
    Date Public
    2022-12-13 12:48
    Credits
    Michael
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.695Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-33859",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T19:40:16.330230Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T19:40:37.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Foreseer EPMS",
              "vendor": "Eaton",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0"
                },
                {
                  "status": "affected",
                  "version": "4.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Michael"
            }
          ],
          "datePublic": "2022-12-13T12:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation\u2019s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. \u003cbr\u003e\u003cbr\u003eThis vulnerability is present in versions 4.x, 5.x, 6.x \u0026amp; 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. \u003cbr\u003e\u003cbr\u003eCustomers are advised to update the software to the latest version (v7.6).\u003cbr\u003e\u003cbr\u003eForeseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please\u0026nbsp;refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html\"\u003eEnd-of-Support notification\u003c/a\u003e."
                }
              ],
              "value": "A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation\u2019s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. \n\nThis vulnerability is present in versions 4.x, 5.x, 6.x \u0026 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. \n\nCustomers are advised to update the software to the latest version (v7.6).\n\nForeseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please\u00a0refer to the  End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html ."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-18T06:20:11.855Z",
            "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
            "shortName": "Eaton"
          },
          "references": [
            {
              "name": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html",
              "url": "https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notifications.html"
            }
          ],
          "source": {
            "advisory": "ETN",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted file upload in Eaton Foreseer EPMS",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
        "assignerShortName": "Eaton",
        "cveId": "CVE-2022-33859",
        "datePublished": "2022-10-28T01:15:03.902Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2025-05-06T19:40:37.059Z",
        "serial": 1,
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }