Eaton UPS Companion Vulnerabilities: Arbitrary Code Execution Risk

On January 5, 2026, Eaton issued a critical security advisory (ETN-VA-2025-1026) warning of multiple vulnerabilities in its UPS Companion (EUC) software. If exploited, these flaws could allow attackers to execute arbitrary code on host systems, potentially granting them full control over affected devices.

Vulnerability Breakdown

CVE ID           Severity (score)   Flaw type                  Summary
CVE-2025-59887   High (8.6)         Insecure library loading   Installer flaw allows malicious DLLs to be loaded instead of legitimate ones.
CVE-2025-59888   Medium (6.7)       Unquoted search path       Improper quotation in file paths lets local attackers run malicious executables.

Technical Details

  • CVE-2025-59887 (DLL hijacking):
    • Occurs when an application resolves a DLL by name and the search reaches a directory an attacker can write to (for an installer, commonly the directory it is launched from) before the trusted system copy.
    • An attacker who plants a DLL with the expected name in that directory gets it loaded instead of the legitimate one, and the code inside runs with whatever privileges the installer holds.
  • CVE-2025-59888 (unquoted path execution):
    • When a path containing spaces is stored without quotes, Windows tries each space-delimited prefix as the executable name (appending .exe) before it reaches the intended binary.
    • A local attacker who can write to one of those intermediate directories drops an executable there, and it is run, with the privileges of the account that launches the path, in place of the legitimate program.
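To make the two mechanisms above concrete, the following Python is an added example written for this page; it is not Eaton's code and says nothing about where the real flaws live in UPS Companion. It models the CreateProcess prefix-guessing behaviour for an unquoted path, shows the quoted (hardened) form, and flags failed DLL probes in user-writable directories the way one would when reading Process Monitor output. The service entries, the directory-permission list and the ProcMon-style log lines are all constructed for the example; on a real host you would take them from the registry, icacls/Get-Acl and Process Monitor.

```python
"""Model of the two Windows weaknesses discussed in the advisory.

Added example, not Eaton code. All inputs below are constructed.
"""
import ntpath

# ASSUMPTION (constructed for the example): directories a standard,
# non-admin user can write to on this host. Derive from real ACLs in practice.
USER_WRITABLE_DIRS = (
    r"C:\Monitoring Tools",
    r"C:\Users\Public\Downloads\setup-tmp",
)

# Constructed service entries: name -> ImagePath as stored in the registry.
SERVICES = {
    "VendorAgent": r"C:\Monitoring Tools\Agent Service\agent.exe -k netsvcs",
    "GoodService": r'"C:\Program Files\Good Vendor\svc.exe" -run',
    "SysAgent": r"C:\Program Files\Other Vendor\agent.exe",
}

# Constructed, simplified Process Monitor-style lines:
# process,operation,path,result
PROCMON_LINES = [
    r"setup.exe,CreateFile,C:\Users\Public\Downloads\setup-tmp\version.dll,NAME NOT FOUND",
    r"setup.exe,CreateFile,C:\Windows\System32\version.dll,SUCCESS",
    r"setup.exe,CreateFile,C:\Windows\System32\kernel32.dll,SUCCESS",
    r"setup.exe,CreateFile,C:\Users\Public\Downloads\setup-tmp\setup.ini,NAME NOT FOUND",
]


def is_user_writable(path):
    """True when the file's parent directory is in the writable list (exact match)."""
    parent = ntpath.dirname(path).lower().rstrip("\\")
    return any(parent == d.lower().rstrip("\\") for d in USER_WRITABLE_DIRS)


def unquoted_path_candidates(image_path):
    """Executable paths Windows tries, in order, for an ImagePath.

    For an unquoted path with spaces, CreateProcess tries each space-delimited
    prefix with .exe appended (C:\\Monitoring.exe, C:\\Monitoring Tools\\Agent.exe,
    ...) and stops at the first file that exists. We assume the intended .exe
    exists, so enumeration ends at the first prefix that already ends in .exe.
    A quoted path yields only its quoted target.
    """
    image_path = image_path.strip()
    if image_path.startswith('"'):
        end = image_path.find('"', 1)
        return [image_path[1:end]] if end > 1 else []
    candidates = []
    tokens = image_path.split(" ")
    for n in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:n])
        if prefix.lower().endswith(".exe"):
            candidates.append(prefix)  # the intended target
            break
        candidates.append(prefix + ".exe")
    return candidates


def quote_image_path(image_path):
    """Hardened form: quote the executable so Windows stops guessing prefixes."""
    candidates = unquoted_path_candidates(image_path)
    if image_path.startswith('"') or not candidates:
        return image_path
    target = candidates[-1]
    if not image_path.lower().startswith(target.lower()):
        return image_path  # no .exe token found; leave unchanged
    return '"' + target + '"' + image_path[len(target):]


def hijackable_service_paths(services):
    """(service, plantable path) for every guess tried before the real binary
    that lands in a directory a standard user can write to."""
    findings = []
    for name, image_path in services.items():
        candidates = unquoted_path_candidates(image_path)
        for guess in candidates[:-1]:
            if is_user_writable(guess):
                findings.append((name, guess))
    return findings


def dll_hijack_probes(lines):
    """(process, path) for DLL probes that failed in a user-writable directory:
    a user can drop a DLL of that name there and the loader takes it first."""
    hits = []
    for line in lines:
        process, operation, path, result = line.split(",", 3)
        if operation != "CreateFile" or result != "NAME NOT FOUND":
            continue
        if path.lower().endswith(".dll") and is_user_writable(path):
            hits.append((process, path))
    return hits


if __name__ == "__main__":
    for name, path in hijackable_service_paths(SERVICES):
        print(f"{name}: plant {path}; fix -> {quote_image_path(SERVICES[name])}")
    for process, path in dll_hijack_probes(PROCMON_LINES):
        print(f"{process}: hijackable DLL probe at {path}")
```

The enumeration deliberately stops at the first token ending in .exe, which matches the stop-at-first-existing-file behaviour only when the legitimate binary is present; for auditing that is the case you care about, since the question is which guesses come before it. Treat the exact-match directory check as a simplification: inherited ACLs on subdirectories need a real permission query.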

Impact

  • Risk level: High.
  • Affected versions: All Eaton UPS Companion releases prior to v3.0.
  • Potential consequences:
    • Full system compromise.
    • Unauthorized access to control systems.
    • Cascading operational disruption in environments relying on UPS monitoring.

Recommended Actions

  • Immediate patching: upgrade to UPS Companion v3.0 obtained from Eaton's official distribution channels.
  • Mitigation if patching is delayed:
    • Restrict local and remote access to hosts running UPS Companion to authorized personnel only; both flaws require the ability to place a file on the host.
    • Keep control system networks behind securely configured firewalls.
    • Install only software obtained from official sources, so a tampered installer cannot be used to trigger the DLL-loading flaw.

Takeaway

These vulnerabilities highlight the critical importance of secure software installation practices. DLL hijacking and unquoted path flaws are long-standing issues in Windows environments, yet they remain exploitable when overlooked. Eaton’s swift release of v3.0 underscores the urgency for customers to patch immediately and reinforce network access controls.
