Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Intelligent Power Protector (IPP) by Eaton
CVE-2022-33862 (GCVE-0-2022-33862)
Vulnerability from nvd – Published: 2024-11-25 08:54 – Updated: 2024-11-25 13:56
VLAI
Title
Improper access control mechanism in IPP
Summary
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could
lead attackers to identify and access vulnerable systems.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Eaton | Intelligent Power Protector (IPP) |
Affected:
0 , < 1.71
(custom)
|
|
| eaton | intelligent_power_protector |
Affected:
0 , < 1.71
(custom)
cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intelligent_power_protector",
"vendor": "eaton",
"versions": [
{
"lessThan": "1.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T13:56:01.808121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:56:45.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Intelligent Power Protector (IPP)",
"vendor": "Eaton",
"versions": [
{
"lessThan": "1.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could\nlead attackers to identify and access vulnerable systems."
}
],
"value": "IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could\nlead attackers to identify and access vulnerable systems."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T08:54:39.616Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71.\n\n\u003cbr\u003e"
}
],
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control mechanism in IPP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2022-33862",
"datePublished": "2024-11-25T08:54:39.616Z",
"dateReserved": "2022-06-15T21:05:25.314Z",
"dateUpdated": "2024-11-25T13:56:45.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33862 (GCVE-0-2022-33862)
Vulnerability from cvelistv5 – Published: 2024-11-25 08:54 – Updated: 2024-11-25 13:56
VLAI
Title
Improper access control mechanism in IPP
Summary
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could
lead attackers to identify and access vulnerable systems.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Eaton | Intelligent Power Protector (IPP) |
Affected:
0 , < 1.71
(custom)
|
|
| eaton | intelligent_power_protector |
Affected:
0 , < 1.71
(custom)
cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "intelligent_power_protector",
"vendor": "eaton",
"versions": [
{
"lessThan": "1.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-33862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T13:56:01.808121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T13:56:45.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Intelligent Power Protector (IPP)",
"vendor": "Eaton",
"versions": [
{
"lessThan": "1.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could\nlead attackers to identify and access vulnerable systems."
}
],
"value": "IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could\nlead attackers to identify and access vulnerable systems."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T08:54:39.616Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71.\n\n\u003cbr\u003e"
}
],
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper access control mechanism in IPP",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2022-33862",
"datePublished": "2024-11-25T08:54:39.616Z",
"dateReserved": "2022-06-15T21:05:25.314Z",
"dateUpdated": "2024-11-25T13:56:45.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}