PT-2022-21875 · Eaton · Eaton Foreseer Epms

Michael · Published 2022-10-28 · Updated 2023-10-18 · CVE-2022-33859

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Eaton Foreseer EPMS versions 4.x through 7.5

Description

A security issue was discovered in the Eaton Foreseer EPMS software, which connects devices to reduce energy consumption and prevent unplanned downtime. The problem allows a threat actor to upload arbitrary files using the file upload feature.

Recommendations

For versions 7.0 through 7.5, update the software to the latest version (v7.6). For versions 4.x, 5.x, and 6.x, refer to the End-of-Support notification as these versions are no longer supported by Eaton. As a temporary workaround for currently supported versions, consider implementing the provided mitigation until the update to version 7.6 can be applied.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-33859

Affected Products

Eaton Foreseer Epms