Search
Find a vulnerability
Search criteria
4 vulnerabilities found for xcomfort_ethernet_communication_interface by eaton
CVE-2025-59886 (GCVE-0-2025-59886)
Vulnerability from nvd – Published: 2025-12-23 11:31 – Updated: 2025-12-23 14:43 Unsupported When Assigned
VLAI
Summary
Improper input validation at one of the endpoints of Eaton xComfort ECI's
web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity
standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the
product. Upon retirement or end of support, there will be no new security updates, non-security
updates, or paid assisted support options, or online technical content updates.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eaton | Eaton xComfort ECI |
Affected:
0 , ≤ All versions
(custom)
|
Date Public
2025-12-23 11:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T14:43:16.660829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T14:43:39.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eaton xComfort ECI",
"vendor": "Eaton",
"versions": [
{
"lessThanOrEqual": "All versions",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-12-23T11:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation at one of the endpoints of Eaton xComfort ECI\u0027s \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb interface\u003c/span\u003e, could lead into an attacker with network access to the device executing privileged user commands.\u0026nbsp;As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."
}
],
"value": "Improper input validation at one of the endpoints of Eaton xComfort ECI\u0027s \n\nweb interface, could lead into an attacker with network access to the device executing privileged user commands.\u00a0As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T11:31:31.339Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2025-59886",
"datePublished": "2025-12-23T11:31:31.339Z",
"dateReserved": "2025-09-23T08:34:05.389Z",
"dateUpdated": "2025-12-23T14:43:39.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-9368 (GCVE-0-2016-9368)
Vulnerability from nvd – Published: 2017-03-14 09:02 – Updated: 2024-08-06 02:50
VLAI
Summary
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Eaton xComfort Ethernet Communication Interface |
Affected:
Eaton xComfort Ethernet Communication Interface
|
Date Public
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eaton xComfort Ethernet Communication Interface",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Eaton xComfort Ethernet Communication Interface"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T08:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eaton xComfort Ethernet Communication Interface",
"version": {
"version_data": [
{
"version_value": "Eaton xComfort Ethernet Communication Interface"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9368",
"datePublished": "2017-03-14T09:02:00.000Z",
"dateReserved": "2016-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:37.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59886 (GCVE-0-2025-59886)
Vulnerability from cvelistv5 – Published: 2025-12-23 11:31 – Updated: 2025-12-23 14:43 Unsupported When Assigned
VLAI
Summary
Improper input validation at one of the endpoints of Eaton xComfort ECI's
web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity
standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the
product. Upon retirement or end of support, there will be no new security updates, non-security
updates, or paid assisted support options, or online technical content updates.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eaton | Eaton xComfort ECI |
Affected:
0 , ≤ All versions
(custom)
|
Date Public
2025-12-23 11:19
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T14:43:16.660829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T14:43:39.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eaton xComfort ECI",
"vendor": "Eaton",
"versions": [
{
"lessThanOrEqual": "All versions",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-12-23T11:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation at one of the endpoints of Eaton xComfort ECI\u0027s \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eweb interface\u003c/span\u003e, could lead into an attacker with network access to the device executing privileged user commands.\u0026nbsp;As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."
}
],
"value": "Improper input validation at one of the endpoints of Eaton xComfort ECI\u0027s \n\nweb interface, could lead into an attacker with network access to the device executing privileged user commands.\u00a0As cybersecurity\nstandards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the\nproduct. Upon retirement or end of support, there will be no new security updates, non-security\nupdates, or paid assisted support options, or online technical content updates."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T11:31:31.339Z",
"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"shortName": "Eaton"
},
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1022.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759",
"assignerShortName": "Eaton",
"cveId": "CVE-2025-59886",
"datePublished": "2025-12-23T11:31:31.339Z",
"dateReserved": "2025-09-23T08:34:05.389Z",
"dateUpdated": "2025-12-23T14:43:39.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-9368 (GCVE-0-2016-9368)
Vulnerability from cvelistv5 – Published: 2017-03-14 09:02 – Updated: 2024-08-06 02:50
VLAI
Summary
An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Eaton xComfort Ethernet Communication Interface |
Affected:
Eaton xComfort Ethernet Communication Interface
|
Date Public
2017-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:50:37.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eaton xComfort Ethernet Communication Interface",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Eaton xComfort Ethernet Communication Interface"
}
]
}
],
"datePublic": "2017-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-14T08:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-9368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eaton xComfort Ethernet Communication Interface",
"version": {
"version_data": [
{
"version_value": "Eaton xComfort Ethernet Communication Interface"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Eaton xComfort Ethernet Communication Interface (ECI) Versions 1.07 and prior. By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access files without authenticating."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-061-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-9368",
"datePublished": "2017-03-14T09:02:00.000Z",
"dateReserved": "2016-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:50:37.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}