CVE-2026-22619 - Vulnerability Details

- Insecure Library Loading in Eaton Intelligent Power Protector Allows Code Execution

Description

Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.

Published: 2026-04-16

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from insecure library loading in the Eaton Intelligent Power Protector executable. The weakness aligns with CWE-427. An attacker who can influence the software package can cause the system to load an attacker‑supplied library, leading to arbitrary code execution within the IPP process.

Affected Systems

The affected product is Eaton Intelligent Power Protector (IPP). Version information is not specified, but the issue affects releases prior to the latest update stated in the advisory and applies to all installations that run the vulnerable executable.

Risk and Exploitability

The CVSS score of 7.8 points to a high severity. The probability of exploitation is very low, as indicated by the EPSS score of less than 1 %. The vulnerability is not listed in the CISA KEV catalog. Likely attack scenarios involve the attacker having access to the software package or installation media, implying a local or supply‑chain vector. Once the vulnerable library is loaded, the attacker can execute code with the privileges of the IPP process, potentially gaining full control over the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Eaton

IPP software

unaffected

Version	Status	Constraints
`0`	affected	< 2.0

Configuration 1 [-]

cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Eaton

Ipp Software

100%

Version	Status	Scheme	Platform
`[0,2.0)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Eaton Intelligent Power Protector to the latest version available on the Eaton download center.
Obtain the installer from the official Eaton download center to ensure authenticity.
Continuously monitor Eaton advisories for future security updates.

Generated by OpenCVE AI on April 17, 2026 at 09:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf

History

Wed, 22 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eaton intelligent Power Protector
CPEs		cpe:2.3:a:eaton:intelligent_power_protector::::::::
Vendors & Products		Eaton intelligent Power Protector

Fri, 17 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
Title		Insecure Library Loading in Eaton Intelligent Power Protector Allows Code Execution

Fri, 17 Apr 2026 08:15:00 +0000

Type	Values Removed	Values Added
Title	Insecure Library Loading in Eaton Intelligent Power Protector Leading to Arbitrary Code Execution
Weaknesses	CWE-917

Thu, 16 Apr 2026 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-427
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 16 Apr 2026 09:15:00 +0000

Type	Values Removed	Values Added
Title		Insecure Library Loading in Eaton Intelligent Power Protector Leading to Arbitrary Code Execution
Weaknesses		CWE-917

Thu, 16 Apr 2026 06:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Eaton Eaton ipp Software
Vendors & Products		Eaton Eaton ipp Software

Thu, 16 Apr 2026 05:45:00 +0000

Type	Values Removed	Values Added
Description		Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center.
References		https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Eaton Intelligent Power Protector Ipp Software

MITRE

Status: PUBLISHED

Assigner: Eaton

Published: 2026-04-16T05:26:48.952Z

Updated: 2026-04-16T12:59:37.700Z

Reserved: 2026-01-08T04:55:11.730Z

Link: CVE-2026-22619

Vulnrichment

Updated: 2026-04-16T12:59:13.712Z

NVD

Status : Analyzed

Published: 2026-04-16T06:16:10.413

Modified: 2026-04-22T20:00:25.783

Link: CVE-2026-22619

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T09:30:14Z

Weaknesses

CWE-427

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object