CVE-2026-22617

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*

History

22 Apr 2026, 20:01

Type	Values Removed	Values Added
First Time		Eaton Eaton intelligent Power Protector
CPE		cpe:2.3:a:eaton:intelligent_power_protector::::::::
References	~~() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf -~~	() https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf - Vendor Advisory

16 Apr 2026, 06:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-16 06:16

Updated : 2026-04-22 20:01

NVD link : CVE-2026-22617

Mitre link : CVE-2026-22617

CVE.ORG link : CVE-2026-22617

JSON object : View

Products Affected

eaton

intelligent_power_protector

CWE

CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

5.7 /10