CVE-2026-22617

MEDIUM

Eaton IPP Software <2.0 - Auth Bypass

Title source: llm

Description

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

References (1)

Core 1

Core References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Scores

CVSS v3 5.7

EPSS 0.0017

EPSS Percentile 6.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-614

Status published

Products (2)

eaton/intelligent_power_protector < 2.00

Eaton/IPP Software < 2.0

Published Apr 16, 2026

Tracked Since Apr 16, 2026