CVE-2026-22617

MEDIUM5.7

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack

Published Apr 16, 2026

Modified 2 months ago

Details

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

References

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-22617

WEB

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

CVSS Analysis

CVSS v3.1

5.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

HighPR:H

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

NoneA:N

5.7/CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Weakness Type (CWE)

Other

CWE-614

Ecosystems

Timeline

PublishedApr 16, 2026

ModifiedApr 16, 2026