It's not too hard to find vulnerabilities like this out there, but it is a true pleasure to see how well described and at the same time well documented the vulnerabilities and disclosure process in this case are handled. This makes it particularly useful to learn from as a real-life example. Well written, thank you for this cool piece of security work.

Sidenote: This is not the Eaton known for UPS's, power delivery components, aerospace parts and golf club grips, this is some other Eaton.