External risk intelligence

Eaton Intelligent Power Protector could allow an internal attacker to run unauthorized code.

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-22619

An internal attacker could exploit Eaton Intelligent Power Protector to run unauthorized code on the host system. This allows them to gain administrative control over critical power management infrastructure, potentially compromising the underlying server.

Halo Surface Signal: 1

Eaton Intelligent Power Protector, versions before 2.00

External exposure likelihood

Halo Surface Signal score for CVE-2026-22619

This vulnerability requires an attacker to already possess local file system access to place a malicious library file in a specific directory. It is not an internet-reachable network service or web-accessible endpoint, making it a local-only operation that cannot be triggered directly from the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

Eaton Intelligent Power Protector (IPP) has a security flaw where a malicious library could be loaded, potentially allowing for arbitrary code execution. This is concerning because it impacts critical infrastructure management software, and attackers with existing access could exploit it.

  • Arbitrary code execution is possible.
  • Affects critical infrastructure management.
  • Requires access to the software package.

Attack Path

How an attacker could exploit the issue

An attacker with local access to the Eaton Intelligent Power Protector software package can exploit this flaw to achieve arbitrary code execution. By placing a malicious dynamic library in a specific location, they can trick the executable into loading and running their code when it starts or is otherwise invoked.

  • Requires file system access.
  • Targets vulnerable executable loading.
  • Precondition: Attacker can place files.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability, a DLL hijacking flaw, is moderately attractive to attackers. While it allows for arbitrary code execution, it requires an attacker to first gain access to the software package, which limits its appeal for mass exploitation. However, the critical severity indicates significant impact if it is successfully weaponized.

  • Requires prior access to software.
  • No public exploits observed.
  • Recency signal weak.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching Eaton Intelligent Power Protector (IPP) to the latest version to address insecure library loading, which could allow arbitrary code execution. If immediate patching is not feasible, isolate affected systems to prevent potential compromise.

  • Update Eaton Intelligent Power Protector to the latest version.
  • Isolate affected IPP systems from the network.
  • Monitor for unusual file activity within IPP directories.
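One way to carry out the file-activity monitoring step, shown as an added example (not Eaton's tooling and not part of the original advisory): record a hash baseline of the library files in a known-good install directory, then report libraries that appear or change afterwards. The directory layout and file names in `demo()` are constructed placeholders, and treating only `.dll` files as libraries is an assumption.

```python
import hashlib
import tempfile
from pathlib import Path

LIB_SUFFIXES = {".dll"}  # assumption: Windows install; extend for other platforms


def snapshot(root):
    """Return {relative path: SHA-256} for every library file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in LIB_SUFFIXES
    }


def diff_snapshots(baseline, current):
    """Compare two snapshots; a planted library shows up under 'added'."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "changed": sorted(k for k in shared if baseline[k] != current[k]),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed sample: a fake install tree, not real IPP file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "service.exe").write_bytes(b"exe")  # ignored: not a library
        (root / "bin" / "vendor_a.dll").write_bytes(b"original a")
        (root / "bin" / "vendor_b.dll").write_bytes(b"original b")
        baseline = snapshot(root)  # taken while the install is known-good

        # Simulated later state: one new library, one replaced library.
        (root / "bin" / "UNEXPECTED.DLL").write_bytes(b"new file")
        (root / "bin" / "vendor_b.dll").write_bytes(b"modified")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline would be stored somewhere the monitored host cannot modify, and any entry under `added` or `changed` outside a planned update would be investigated.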

Frequently asked questions

What is Eaton Intelligent Power Protector (IPP)?

Eaton Intelligent Power Protector (IPP) is software designed to manage and gracefully shut down network devices during power disruptions, preventing data loss and saving work-in-progress. It is part of Eaton's power network management system and works with Intelligent Power Manager for comprehensive power protection.

What vulnerability class does CVE-2026-22619 fall under?

CVE-2026-22619 is classified as an insecure library loading vulnerability, specifically CWE-427: Uncontrolled Search Path Element. This means the software may load libraries from directories not properly controlled by the application, creating an opportunity for attacks like DLL hijacking.

How can an attacker exploit CVE-2026-22619?

An attacker with local access to the Eaton IPP software package can exploit this flaw by placing a malicious DLL in a specific location where the application searches for libraries. When the application loads this malicious DLL, arbitrary code can be executed with the privileges of the IPP application.

What is the potential impact of CVE-2026-22619 on critical infrastructure?

Successful exploitation of CVE-2026-22619 can lead to arbitrary code execution within the context of the IPP application, potentially allowing attackers to compromise UPS management systems and critical power infrastructure. This could have significant implications for business continuity and system availability.

How can users mitigate the risk of CVE-2026-22619?

The primary remediation is to update Eaton Intelligent Power Protector (IPP) to the latest patched version, specifically version 2.0 or later, which addresses this vulnerability. If immediate patching is not feasible, Eaton recommends isolating affected systems and ensuring the software is sourced only from official Eaton download centers.
