PT-2026-7071 · Eaton · Eaton Network M3
Published 2026-02-09 · Updated 2026-02-09 · CVE-2026-22613
| CVSS v3.1 | 5.7 Medium |
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Eaton Network M3 (affected versions not specified)
Description
The server identity check during firmware upgrades via the command shell is implemented insecurely, potentially enabling a man-in-the-middle attack. This could allow an attacker to intercept and modify the firmware update process.
Recommendations
Update to the latest firmware version of Eaton Network M3, available on the Eaton download center.
Fix
Improper Certificate Validation
Affected Products
Eaton Network M3