{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22613", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "state": "PUBLISHED", "assignerShortName": "Eaton", "dateReserved": "2026-01-08T04:55:11.726Z", "datePublished": "2026-02-09T05:39:22.834Z", "dateUpdated": "2026-02-09T16:10:46.212Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Network M3", "vendor": "Eaton", "versions": [{"lessThan": "2.3.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2026-02-09T05:37:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton \n\nNetwork M3\n\n which is available on the Eaton download center."}], "value": "The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton \n\nNetwork M3\n\n which is available on the Eaton download center."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2026-02-09T05:39:22.834Z"}, "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T16:10:35.474303Z", "id": "CVE-2026-22613", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T16:10:46.212Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22613", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T16:10:35.474303Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T16:10:42.568Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Eaton", "product": "Network M3", "versions": [{"status": "affected", "version": "0", "lessThan": "2.3.3", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-09T05:37:00.000Z", "references": [{"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton \n\nNetwork M3\n\n which is available on the Eaton download center.", "supportingMedia": [{"type": "text/html", "value": "The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton \n\nNetwork M3\n\n which is available on the Eaton download center.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton", "dateUpdated": "2026-02-09T05:39:22.834Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22613", "state": "PUBLISHED", "dateUpdated": "2026-02-09T16:10:46.212Z", "dateReserved": "2026-01-08T04:55:11.726Z", "assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "datePublished": "2026-02-09T05:39:22.834Z", "assignerShortName": "Eaton"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton \n\nNetwork M3\n\n which is available on the Eaton download center."}, {"lang": "es", "value": "El mecanismo de verificaci\u00f3n de identidad del servidor para la actualizaci\u00f3n del firmware realizada a trav\u00e9s del shell de comandos est\u00e1 implementado de forma insegura, lo que podr\u00eda permitir a un atacante realizar un ataque man-in-the-middle. Este problema de seguridad ha sido solucionado en la \u00faltima versi\u00f3n del firmware de Eaton Network M3, que est\u00e1 disponible en el centro de descargas de Eaton."}], "id": "CVE-2026-22613", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 4.7, "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}, "published": "2026-02-09T06:16:24.360", "references": [{"source": "CybersecurityCOE@eaton.com", "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2025-1002.pdf"}], "sourceIdentifier": "CybersecurityCOE@eaton.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "CybersecurityCOE@eaton.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.3.3)"}}], "product": "network_m3", "vendor": "eaton"}], "analysis": {"en": {"generated_at": "2026-04-18T18:17:18.232480+00:00", "value": {"mitigation_remediation": ["Upgrade the device to the latest Eaton Network\u202fM3 firmware that contains the fix", "Disable or restrict command\u2011shell\u2011based firmware upgrades and enforce secure management protocols such as HTTPS or SSH for firmware transfer", "Configure the device to perform proper certificate validation and secure transport before accepting firmware updates"], "summary": {"action": "Patch", "impact": "Man\u2011in\u2011the\u2011Middle during Firmware Upgrade"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Eaton Network\u202fM3 devices that rely on the command\u2011shell interface for firmware updates. All firmware releases before the fix are susceptible; the latest firmware version issued by Eaton includes the corrective changes and is available on the Eaton download center.", "description_and_impact": "An insecure server identity check is used when the device performs a firmware upgrade via the command shell. The check does not properly validate the server\u2019s certificate, which can allow a malicious actor to place themselves between the device and the upgrade host, intercepting the firmware download. Based on the description, it is inferred that the attacker could potentially substitute a tampered image. This flaw enables a Man\u2011in\u2011the\u2011Middle attack during firmware transfer.", "risk_and_exploitability": "The CVSS score of 5.7 indicates moderate overall risk. An EPSS score of under 1\u202f% suggests a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. An attacker would need to interfere with the firmware update path or exploit the command shell to hijack the upgrade traffic. Once the attack is successful, based on the description, it is inferred that the attacker could supply a malicious firmware image, potentially compromising device operation. If the device is exposed to attackers who can reach the management interface or the network path used for upgrades, the risk remains significant."}}}}, "created": "2026-02-10T12:23:58.808692+00:00", "title": "Insecure Server Identity Check During Firmware Upgrade Allows MITM Attacks", "updated": "2026-04-18T18:30:07.273927+00:00", "vendors": ["eaton", "eaton$PRODUCT$network_m3"]}