Eaton Intelligent Power Protector Unsecured Login Cookie Exposes User Accounts

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.7

Eaton Intelligent Power Protector Unsecured Login Cookie Exposes User Accounts

CVE-2026-22617

Summary

The Eaton Intelligent Power Protector software uses a weak login cookie that can be intercepted by an attacker on the same network. This could allow an unauthorized person to access your account and control your power protection settings. Update to the latest version of Eaton Intelligent Power Protector to fix this security issue.

Original title

Original description

Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.

nvd CVSS3.1 5.7

Vulnerability type

CWE-614

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secu...

Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026