CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-23281

CVSS 10.0v3.1pub. 2021-04-13upd. 2024-11-21

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Eaton Intelligent Power Manager

    APP
    Eaton
    < 1.69
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-12031CRITICAL9.8ten sam produkt

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/n...

CVE-2021-23278HIGH8.7ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulne...

CVE-2021-23276HIGH7.1ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious ...

CVE-2021-23277HIGH8.3ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerabil...

CVE-2021-23279HIGH8.0ten sam produkt

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vul...