this post was submitted on 07 Aug 2025
2 points (100.0% liked)

Cybersecurity


A couple of vulnerabilities I found in #Eaton Rack PDU G4:

ETN-VA-2025-1002: Multiple vulnerabilities detected in Eaton G4 PDU

#CVE_2025_48393
CVSS v3.1 Base Score – 5.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack.

#CVE_2025_48394
CVSS v3.1 Base Score – 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

An attacker with authenticated and privileged access could modify the contents of a nonsensitive file by traversing the path in the limited shell of the CLI.

These vulnerabilities are fixed in firmware version 3.5.0 and later. It is recommended to upgrade the device firmware as soon as possible.

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf

#infosec #cybersecurity

no comments (yet)