Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ups_companion

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-67450
Assigner-Eaton
ShareView Details
Assigner-Eaton
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.54%
||
7 Day CHG-0.01%
Published-26 Dec, 2025 | 06:59
Updated-18 Feb, 2026 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

Action-Not Available
Vendor-eatonEaton
Product-ups_companionUPS Companion software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2025-59888
Assigner-Eaton
ShareView Details
Assigner-Eaton
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.42%
||
7 Day CHG-0.01%
Published-26 Dec, 2025 | 06:53
Updated-18 Feb, 2026 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

Action-Not Available
Vendor-eatonEaton
Product-ups_companionUPS Companion software
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2025-59887
Assigner-Eaton
ShareView Details
Assigner-Eaton
CVSS Score-8.6||HIGH
EPSS-0.01% / 0.89%
||
7 Day CHG-0.02%
Published-26 Dec, 2025 | 06:48
Updated-18 Feb, 2026 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

Action-Not Available
Vendor-eatonEaton
Product-ups_companionEaton UPS Companion Software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-6650
Assigner-Eaton
ShareView Details
Assigner-Eaton
CVSS Score-8.3||HIGH
EPSS-4.85% / 89.30%
||
7 Day CHG~0.00%
Published-23 Mar, 2020 | 13:25
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary code execution through “Update Manager” Class

UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.

Action-Not Available
Vendor-eatonEaton
Product-ups_companionUPS Companion Software
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')