CVE-2026-22615
Published: 16 April 2026
Summary
CVE-2026-22615 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Eaton Intelligent Power Protector. Its CVSS base score is 6.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly mitigates the improper input validation vulnerability by requiring validation of XML inputs to prevent malicious code injection.
- SI-2 (Flaw Remediation): ensures timely identification, reporting, and patching of the specific flaw in Eaton IPP software as provided in the vendor update.
- Least privilege: reduces the impact of arbitrary command execution by limiting even admin-privileged actions on the local system.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper input validation in a network-accessible XML component directly enables exploitation for arbitrary command execution (T1190) via injected code that is processed by a command interpreter (T1059).
NVD Description
Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
Deeper analysis
CVE-2026-22615 is an improper input validation vulnerability in the Eaton Intelligent Power Protector (IPP) XML component. It enables an attacker with administrative privileges and access to the local system to inject malicious code, resulting in arbitrary command execution. The issue, classified under CWE-20, affects the Eaton IPP software and carries a CVSS v3.1 base score of 6.0 (AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H), indicating medium severity with a network attack vector, high attack complexity, high privileges and user interaction required, and impact primarily on integrity and availability.
Exploitation requires an attacker to possess admin privileges on the local system where the IPP software is running, along with network access. The attacker can leverage the flaw by providing malformed input to the XML parser, tricking a privileged user into processing it, which leads to code injection and execution of arbitrary commands on the system. This could allow escalation of control over the affected power protection system, potentially disrupting operations or enabling further compromise.
Eaton has addressed the vulnerability in the latest version of the IPP software, available for download from the Eaton download center. Security practitioners should update to this patched version immediately. Additional details are provided in Eaton's security bulletin at https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1025.pdf.
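The SI-10 control above comes down to treating every value read from an XML document as untrusted before it reaches a command interpreter. The following added example (not Eaton's code; the `<settings>` document structure, element names and path prefix are constructed for illustration and say nothing about the real IPP format) shows the pattern: allow-list each field, reject anything that does not match, and build the command as an argv list so that no XML text is ever interpreted by a shell.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample documents; the schema is hypothetical, not the IPP format.
SAMPLE_OK = """<settings><shutdown><script>/opt/ipp/shutdown.sh</script>
<delay>30</delay></shutdown></settings>"""

# Same document with a shell metacharacter smuggled into a field value.
SAMPLE_BAD = """<settings><shutdown><script>/opt/ipp/shutdown.sh; id</script>
<delay>30</delay></shutdown></settings>"""

# One strict allow-list rule per field. Anything not matching is rejected;
# there is deliberately no "accept everything else" fallback.
FIELD_RULES = {
    "script": re.compile(r"/opt/ipp/[A-Za-z0-9_.-]+\.sh"),
    "delay": re.compile(r"[0-9]{1,4}"),
}


def parse_settings(xml_text: str) -> dict:
    """Parse and validate; raise ValueError if any field fails its rule."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    node = root.find("shutdown")
    if node is None:
        raise ValueError("missing <shutdown> element")
    validated = {}
    for name, rule in FIELD_RULES.items():
        child = node.find(name)
        value = (child.text or "").strip() if child is not None else ""
        # fullmatch anchors both ends, so "x.sh; id" cannot slip past.
        if not rule.fullmatch(value):
            raise ValueError(f"field {name!r} rejected: {value!r}")
        validated[name] = value
    return validated


def build_shutdown_argv(settings: dict) -> list:
    """Return argv for subprocess.run(argv) with shell=False (the default),
    so validated values are passed as discrete arguments, never parsed by sh."""
    return [settings["script"], "--delay", settings["delay"]]
```

Feeding `SAMPLE_BAD` to `parse_settings` raises `ValueError` at the `script` field; only `SAMPLE_OK` yields an argv list that should be handed to `subprocess.run`.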
Details
- CWE(s)