Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on March 1, 2016, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified vulnerabilities in Eaton Lighting Systems’ EG2 Web Control application. Eaton Lighting Systems...

CVE-2016-2272

Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to have an unspecified impact via a modified cookie...

CVE-2016-0871

Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request...

CVE-2016-0871

The CVE-2016-0871 issue affects Eaton Lighting EG2 Web Control (V4.04P and prior). Root causes include CWE-565: Reliance on Cookies without Validation, and CWE-312: Cleartext Storage of Sensitive Information. A remote attacker could read configuration files and view credentials via a direct reque...

Eaton Lighting Systems EG2 Web Control Authentication Bypass Vulnerability (CNVD-2016-02006)

The Eaton Lighting Systems EG2 Web Control is a controller product from Eaton Lighting Systems USA for Internet and Wi-Fi LAN connections to the iLumin network. An authentication bypass vulnerability exists in Eaton Lighting Systems EG2 Web Control version 4.04P and earlier. A remote attacker cou...