Eaton
Eaton Security Bulletin on Apache ActiveMQ Vulnerability
Pages
5
Time to read
6 mins
Publication
Language
English
This document is a security bulletin issued by Eaton regarding a critical vulnerability identified in the Apache ActiveMQ library, designated as CVE-2023-46604. The vulnerability allows a remote attacker with network access to execute arbitrary shell commands by manipulating serialized class types within the OpenWire protocol. The affected versions of ActiveMQ include those up to v5.15.15, as well as v5.16.0 to v5.16.6, v5.17.0 to v5.17.5, and v5.18.0 to v5.18.2. Eaton products impacted by this vulnerability include IPM2, Yukon, Yukon Grid Server, Network Manager, and VCOM. The bulletin outlines remediation steps, including firmware updates for affected products and general cybersecurity best practices to mitigate risks. It emphasizes the importance of minimizing network exposure and using secure methods for remote access. Additionally, Eaton expresses its commitment to cybersecurity and provides information on available services for vulnerability assessment and remediation.