ICSA-17-026-01  ·  Published 2017-01-26

Eaton ePDU Path Traversal Vulnerability

CVSS 5.3 MEDIUM

Risk Summary

Independent researcher Maxim Rupp has identified a path traversal vulnerability in certain legacy Eaton ePDUs. Although the affected products are past end-of-life (EoL) and are no longer supported, Eaton has provided defense-in-depth mitigation instructions to protect devices that are still in use.

CVEs (1)

Remediations

  • Eaton declared these products EoL on January 31, 2014, and June 30, 2015. Eaton recommends that users of the affected legacy products follow the recommendations outlined in the Defense in depth section of Eaton's whitepaper titled Cybersecurity considerations for electrical distribution systems. It is located at:
  • Additional information regarding these and other legacy products can be found on the Eaton web site.

Affected Vendors

Eaton

Affected Products (5)

Eaton · EAMAxx < January 31 2014
Eaton · EMAxxx < January 31 2014
Eaton · ESWAxx < January 31 2014
Eaton · EMAAxx < January 31 2014
Eaton · EAMxxx < June 30 2015
