Vulnerability Description
A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html .
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eaton | Foreseer Electrical Power Monitoring System | >= 4.0, < 7.6 |
Related Weaknesses (CWE)
References
- https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notiVendor Advisory
- https://www.eaton.com/us/en-us/company/news-insights/cybersecurity/security-notiVendor Advisory
FAQ
What is CVE-2022-33859?
CVE-2022-33859 is a vulnerability with a CVSS score of 8.1 (HIGH). A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unpl...
How severe is CVE-2022-33859?
CVE-2022-33859 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33859?
Check the references section above for vendor advisories and patch information. Affected products include: Eaton Foreseer Electrical Power Monitoring System.