cvedb.io
CVE-2022-33859
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2022-10-28T02:15:17.343 · Last modified 2026-06-17T04:49:23.160

Summary

A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/e

Affected products

eaton — foreseer_electrical_power_monitoring_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when eaton ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.