CVE-2026-22616
Received Received - Intake
Authentication Bypass via Insufficient Rate Limiting in Eaton IPP

Publication date: 2026-04-16

Last updated on: 2026-04-22

Assigner: Eaton

Description
Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-16
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22616
EUVD
EUVD-2026-23175
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eaton intelligent_power_protector to 2.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can allow attackers to perform brute force attacks on the login page, potentially leading to unauthorized access if valid credentials are discovered. It may result in compromised confidentiality and integrity of the system.

Mitigation Strategies

To mitigate this vulnerability, update Eaton Intelligent Power Protector (IPP) software to the latest version available on the Eaton download centre where the issue has been fixed.

Executive Summary

The vulnerability in Eaton Intelligent Power Protector (IPP) software allows an attacker to make repeated authentication attempts against the web interface login page because the software lacks sufficient rate-limiting controls.

Compliance Impact

The vulnerability in Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts due to insufficient rate-limiting controls. This could potentially increase the risk of unauthorized access to the system.

Such unauthorized access risks may impact compliance with standards and regulations like GDPR and HIPAA, which require adequate security measures to protect sensitive data and prevent unauthorized access.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22616. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart