CVE-2025-59886

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to...

CVE-2025-59886

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to...

CVE-2025-59886

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to...

EUVD-2025-204794

Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity standards continue to evolve and to meet our requirements today, Eaton has decided to...

CVE-2025-59886

The CVE-2025-59886 issue affects Eaton xComfort ECI, specifically improper input validation at a web interface endpoint. This could allow a network-adjacent attacker to execute privileged commands on the device. Multiple sources corroborate a high-severity impact (CVSS 3.1: Network access, Privil...

PT-2025-52737

Name of the Vulnerable Software and Affected Versions Eaton xComfort ECI affected versions not specified Description A flaw exists in the input validation process of a web interface endpoint within Eaton xComfort ECI. This could allow an attacker with network access to the device to execute...

Eaton xComfort ECI 安全漏洞

The Eaton xComfort ECI is an Ethernet communication interface device from Eaton Corporation USA. A security vulnerability exists in the Eaton xComfort ECI that stems from improper validation of web interface endpoint inputs, which could allow an attacker with network access rights to execute...

EUVD-2016-10178

Malware in sbrugna...

Eaton xComfort Ethernet Communication Interface Unauthorized Access Vulnerability

Eaton xComfort is a smart home solution from Eaton Corporation of America. The solution includes a wireless home automation system that provides the home with features such as security and energy management.Ethernet Communication Interface ECI is one of the Ethernet connection ports. A security...

CVE-2016-9368

An issue was discovered in Eaton xComfort Ethernet Communication Interface ECI Versions 1.07 and prior. By accessing a specific uniform resource locator URL on the webserver, a malicious user may be able to access files without authenticating...

Code injection

An issue was discovered in Eaton xComfort Ethernet Communication Interface ECI Versions 1.07 and prior. By accessing a specific uniform resource locator URL on the webserver, a malicious user may be able to access files without authenticating...

CVE-2016-9368

An issue was discovered in Eaton xComfort Ethernet Communication Interface ECI Versions 1.07 and prior. By accessing a specific uniform resource locator URL on the webserver, a malicious user may be able to access files without authenticating...

CVE-2016-9368

Eaton xComfort Ethernet Communication Interface (ECI) versions 1.07 and earlier are affected by an improper access control flaw (CWE-284). By requesting a specific URL on the webserver, an unauthenticated remote attacker could access files, including backups and system logs, without authenticatio...

CVE-2016-9368

An issue was discovered in Eaton xComfort Ethernet Communication Interface ECI Versions 1.07 and prior. By accessing a specific uniform resource locator URL on the webserver, a malicious user may be able to access files without authenticating...

Eaton xComfort Ethernet Communication Interface (ECI) Information Disclosure Vulnerability

The xComfort Ethernet Communication Interface ECI is a building automation system. An information disclosure vulnerability exists in Eaton xComfort Ethernet Communication Interface ECI versions 1.07 and earlier, which can be exploited by remote attackers to access backup files and system logs...

ICSA-17-061-01_Eaton xComfort Ethernet Communication Interface

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Eaton Equipment: xComfort Ethernet Communication Interface Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of xComfort Ethernet Communication Interface ECI, a building automation system...