A high-severity vulnerability has been identified in the Eaton UPS Companion software installer. The software fails to properly verify its library files, which could allow an attacker to execute malicious code by tricking a user into running a modified installer package. Successful exploitation could lead to a full system compromise, resulting in data theft, ransomware, or further network intrusion.

The vulnerability exists within the software installer for the Eaton UPS Companion. The installer does not perform adequate authentication or integrity checks on the library files (e.g., DLLs) it uses during the installation process. An attacker with the ability to modify the software installation package could replace a legitimate library file with a malicious one. When a user executes the compromised installer, the malicious library is loaded and its code is executed with the same privileges as the user running the installer, often leading to arbitrary code execution.

This vulnerability is rated as High severity with a CVSS score of 8.6. Successful exploitation could lead to a complete compromise of the workstation where the software is installed. Potential consequences include the deployment of ransomware, theft of sensitive corporate or personal data, installation of persistent backdoors for long-term access, and the ability for an attacker to move laterally across the network. The primary risks to the organization are loss of data confidentiality and integrity, operational disruption, and significant reputational damage.

Immediate Action: Organizations must apply the security updates provided by the vendor immediately to all affected systems. It is critical to ensure that these updates are downloaded directly from the official Eaton website to avoid compromised packages. After patching, monitor systems for any signs of exploitation and review system and application access logs for any unusual activity related to the installer's execution.

Proactive Monitoring: Implement monitoring to detect potential exploitation attempts. This includes checking the integrity of all downloaded software installers using file hashes (e.g., SHA-256) provided by the vendor. Monitor for suspicious process behavior during software installation, such as unexpected network connections or the creation of unauthorized files and processes by the installer.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Enforce a strict policy requiring all software to be downloaded exclusively from official, trusted vendor sources.
• Utilize application control solutions, such as AppLocker or Windows Defender Application Control, to prevent the execution of unsigned or unauthorized library files.
• Run installers in a sandboxed or isolated environment to contain any potential malicious activity.
• Educate users on the risks of downloading and running software from unverified links or third-party websites.

Public Exploit Available: false

Given the high CVSS score of 8.6 and the potential for complete system compromise, this vulnerability requires immediate attention. We strongly recommend that all organizations using the affected Eaton software prioritize the deployment of the vendor-supplied patches. Although this CVE is not currently on the CISA KEV list, its high severity indicates a significant risk that should be addressed urgently to prevent potential exploitation.