Description
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton

Network M3

which is available on the Eaton download center.
Published: 2026-02-09
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Man‑in‑the‑Middle during Firmware Upgrade
Action: Patch
AI Analysis

Impact

An insecure server identity check is used when the device performs a firmware upgrade via the command shell. The check does not properly validate the server’s certificate, which can allow a malicious actor to place themselves between the device and the upgrade host, intercepting the firmware download. Based on the description, it is inferred that the attacker could potentially substitute a tampered image. This flaw enables a Man‑in‑the‑Middle attack during firmware transfer.

Affected Systems

The vulnerability affects Eaton Network M3 devices that rely on the command‑shell interface for firmware updates. All firmware releases before the fix are susceptible; the latest firmware version issued by Eaton includes the corrective changes and is available on the Eaton download center.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate overall risk. An EPSS score of under 1 % suggests a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. An attacker would need to interfere with the firmware update path or exploit the command shell to hijack the upgrade traffic. Once the attack is successful, based on the description, it is inferred that the attacker could supply a malicious firmware image, potentially compromising device operation. If the device is exposed to attackers who can reach the management interface or the network path used for upgrades, the risk remains significant.

Generated by OpenCVE AI on April 18, 2026 at 18:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest Eaton Network M3 firmware that contains the fix
  • Disable or restrict command‑shell‑based firmware upgrades and enforce secure management protocols such as HTTPS or SSH for firmware transfer
  • Configure the device to perform proper certificate validation and secure transport before accepting firmware updates

Generated by OpenCVE AI on April 18, 2026 at 18:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Title Insecure Server Identity Check During Firmware Upgrade Allows MITM Attacks

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Eaton
Eaton network M3
Vendors & Products Eaton
Eaton network M3

Mon, 09 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 06:15:00 +0000

Type Values Removed Values Added
Description The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3 which is available on the Eaton download center.
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L'}

Subscriptions

Eaton Network M3
cve-icon MITRE

Status: PUBLISHED

Assigner: Eaton

Published:

Updated: 2026-02-09T16:10:46.212Z

Reserved: 2026-01-08T04:55:11.726Z

Link: CVE-2026-22613

cve-icon Vulnrichment

Updated: 2026-02-09T16:10:42.568Z

cve-icon NVD

Status : Deferred

Published: 2026-02-09T06:16:24.360

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-22613

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T18:30:07Z

Weaknesses