PT-2018-13431 · Eaton · Eaton Power Xpert Meter

Published: 2018-08-30 · Updated: 2020-08-24 · CVE-2018-16158

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Eaton Power Xpert Meter versions prior to 13.4.0.10

Description
The issue allows remote attackers to log in over SSH using public-key authentication (the PubkeyAuthentication option), making it easier to gain access. The cause is a single SSH private key that is used across different customers' installations, and access to this key is not properly restricted.

Recommendations
For versions prior to 13.4.0.10, update to version 13.4.0.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSH private key to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-16158

Affected Products

Eaton Power Xpert Meter