CVE-2026-22617
Published: 16 April 2026
Summary
CVE-2026-22617 is a medium-severity Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CWE-614) vulnerability in Eaton Intelligent Power Protector. Its CVSS base score is 5.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Steal Web Session Cookie (T1539); ranked at the 0.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-8 (Transmission Confidentiality and Integrity).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the insecure cookie configuration flaw by requiring timely remediation through updates to the fixed version of Eaton IPP software.
- Prevents man-in-the-middle interception of cookies by enforcing confidentiality and integrity protections for transmitted information over networks.
- Ensures secure cookie configurations, such as the Secure, HttpOnly, and SameSite attributes, to address the CWE-614 insecure cookie vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure cookie configuration (CWE-614) directly enables cookie interception via MITM, facilitating web session cookie theft (T1539) and adversary-in-the-middle attacks (T1557).
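The control text above names the cookie attributes at issue (Secure, HttpOnly, SameSite), and the technique mapping explains why a session cookie that lacks them is exposed to on-path interception. The following is an added example, not code from Eaton or from this advisory, showing how a defender can audit the Set-Cookie headers of any HTTPS response for exactly those attributes and what the corrected header looks like. The cookie names and values are constructed for the example and are not taken from Eaton IPP; the list of "session-like" name fragments is an assumption used only to focus the report on cookies that matter for T1539.

```python
"""Audit Set-Cookie headers for the attributes discussed under CWE-614.

Added example; not Eaton's code. Cookie names and values are constructed.
"""

from typing import Dict, List, Tuple

# Assumption for the example: cookies whose names contain one of these
# fragments are treated as session/authentication cookies.
SESSION_NAME_HINTS = ("session", "sess", "auth", "token", "jsessionid", "phpsessid")


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie value into (name, value, {attr_lower: attr_value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flag attributes get "" as value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str, served_over_https: bool = True) -> List[str]:
    """Return a list of findings for one Set-Cookie header (empty list = clean)."""
    name, _value, attrs = parse_set_cookie(header)
    findings: List[str] = []
    if served_over_https and "secure" not in attrs:
        # CWE-614: without Secure, the browser also sends this cookie on
        # plaintext http:// requests to the same host, where it can be
        # read by anyone positioned on the network path.
        findings.append(f"{name}: missing Secure attribute (CWE-614)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly attribute")
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append(f"{name}: missing SameSite attribute")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append(f"{name}: SameSite=None requires Secure")
    return findings


def looks_like_session_cookie(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SESSION_NAME_HINTS)


def audit_response_headers(
    headers: List[Tuple[str, str]], served_over_https: bool = True
) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header in a response.

    Only session-like cookies are reported, since those are the ones whose
    theft (T1539) yields an authenticated session.
    """
    report: Dict[str, List[str]] = {}
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        name, _, _ = parse_set_cookie(value)
        if not looks_like_session_cookie(name):
            continue
        findings = audit_set_cookie(value, served_over_https)
        if findings:
            report[name] = findings
    return report


def hardened_set_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """The corrected form: Secure + HttpOnly + SameSite=Strict, host-only, Path=/."""
    return f"{name}={value}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Strict"


# Constructed sample response headers (not captured from Eaton IPP).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=0123456789abcdef; Path=/"),  # weak: no attributes
    ("Set-Cookie", "theme=dark; Path=/"),  # not a session cookie, ignored
    ("Set-Cookie", hardened_set_cookie("authtoken", "fedcba9876543210")),
]

if __name__ == "__main__":
    for cookie_name, issues in audit_response_headers(SAMPLE_HEADERS).items():
        for issue in issues:
            print(issue)
```

Run against the constructed sample, only the `sessionid` cookie is reported, with three findings; the `authtoken` cookie built by `hardened_set_cookie` passes. Pointing `audit_response_headers` at the headers of a real login response (for example, as returned by an HTTP client library) is the practical check for a CWE-614 condition before and after applying a vendor update.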
NVD Description
Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network-based attacker to intercept the cookie and exploit it through a man-in-the-middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre.
Deeper analysis
CVE-2026-22617 affects Eaton Intelligent Power Protector (IPP) software due to an insecure cookie configuration. This flaw, classified under CWE-614, enables potential interception of cookies by attackers; it carries a CVSS v3.1 base score of 5.7 (AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N).
A network-based attacker with high privileges could exploit this vulnerability through a man-in-the-middle (MITM) attack, requiring high attack complexity and user interaction. Successful exploitation would grant high-impact confidentiality and integrity violations, such as unauthorized access to sensitive session data, but no availability disruption.
Eaton's security bulletin (ETN-VA-2025-1025) confirms the issue has been addressed in the latest version of IPP software, available via the Eaton download center; practitioners should update affected systems promptly to mitigate risks.
Details
- CWE(s)