CVE-2018-16158

CRITICAL

Eaton Power Xpert Meter 4000 Firmware - Hard-coded Credentials

Title source: rule

Description

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.

Exploits (1)

metasploit WORKING POC

by BrianWGray · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssh/eaton_xpert_backdoor.rb

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf

[Exploit, Third Party Advisory] https://www.ctrlu.net/vuln/0006.html

[Exploit, Third Party Advisory] https://github.com/BrianWGray/msf/blob/master/exploits/linux/ssh/eaton_known_privkey.rb

Scores

CVSS v3 9.8

EPSS 0.7001

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-798

Status published

Products (3)

eaton/power_xpert_meter_4000_firmware < 13.4.0.10

eaton/power_xpert_meter_6000_firmware < 13.4.0.10

eaton/power_xpert_meter_8000_firmware < 13.4.0.10

Published Aug 30, 2018

Tracked Since Feb 18, 2026