
Description

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented, potentially allowing an attacker to perform a man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton Network M3, which is available on the Eaton download center.

PUBLISHED Reserved 2026-01-08 | Published 2026-02-09 | Updated 2026-02-09 | Assigner Eaton




MEDIUM: 5.7 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L)

Problem types

CWE-295 Improper Certificate Validation

Product status

Default status: unaffected

Any version before 2.3.3: affected

References

www.eaton.com/...ity/security-bulletins/etn-va-2025-1002.pdf

cve.org (CVE-2026-22613)

nvd.nist.gov (CVE-2026-22613)
