CVE-2026-22618

MEDIUM

Eaton IPP software <2.0 - Security Misconfiguration

Title source: llm

Description

A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

References (1)

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

Scores

CVSS v3 5.9

EPSS 0.0001

EPSS Percentile 1.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-358

Status published

Products (2)

eaton/intelligent_power_protector < 2.00

Eaton/IPP software < 2.0

Published Apr 16, 2026

Tracked Since Apr 16, 2026