CVE-2026-22617 | THREATINT

Description

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

PUBLISHED Reserved 2026-01-08 | Published 2026-04-16 | Updated 2026-04-16 | Assigner Eaton

MEDIUM: 5.7CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-614 Sensitive cookie in HTTPS session without 'secure' attribute

Product status

Default status

unaffected

Any version before 2.0

affected

References

www.eaton.com/...ity/security-bulletins/etn-va-2025-1025.pdf

cve.org (CVE-2026-22617)

nvd.nist.gov (CVE-2026-22617)

Download JSON