CVE-2018-16158

high-risk

Published 2018-08-30

Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option.

Do I need to act?

70.0% chance of exploitation in next 30 days

EPSS score — higher than 30% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Power Xpert Meter 4000 Firmware

Power Xpert Meter 6000 Firmware

Power Xpert Meter 8000 Firmware

Affected Vendors

Eaton

References (5)

Vendor Advisory http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secur...

Exploit https://www.ctrlu.net/vuln/0006.html

Exploit https://github.com/BrianWGray/msf/blob/master/exploits/linux/ssh/eaton_known_pri...

Vendor Advisory http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secur...

Exploit https://www.ctrlu.net/vuln/0006.html

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 19/34 · Moderate

Exposure 9/34 · Low