CyberSec.Space Logo
Back to CVE Browser

CVE-2021-23281

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile6.18th
PublishedApr 13, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

Affected Platforms (CPE)

📦
Eaton

Intelligent Power Manager

< 1.69

References & Advisories

🔗 https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
🔗 https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf

Related Vulnerabilities

CVE-2013-403110.0

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Managemen...

CVE-2018-120319.8

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js d...

CVE-2020-66518.8

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import ...

CVE-2021-232788.7

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due...