32 matches found
CVE-2021-23282
Eaton Intelligent Power Manager IPM prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to...
CVE-2021-23282 Stored Cross-site Scripting reported in Intelligent Power Manager v1
Eaton Intelligent Power Manager IPM prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to...
CVE-2021-23282 Stored Cross-site Scripting reported in Intelligent Power Manager v1
Eaton Intelligent Power Manager IPM prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to...
Eaton Intelligent Power Manager
1. EXECUTIVE SUMMARY CVSS v3 5.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager IPM v1 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code...
CVE-2021-23285
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior...
CVE-2021-23285
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior...
CVE-2021-23286
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
Cross site scripting
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior...
Design/Logic Flaw
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
CVE-2021-23286 Security issues in Eaton Intelligent Power Manager Infrastructure
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior versions...
CVE-2021-23284 Security issues in Eaton Intelligent Power Manager Infrastructure
Eaton Intelligent Power Manager Infrastructure IPM Infrastructure version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure IPM Infrastructure all version 1.5.0plus205 and prior...
CVE-2021-23281
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in metadriversrv.js class. Attackers can send a specially crafted packet to make IPM connect to rou...
CVE-2021-23276
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base...
CVE-2021-23279
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in metadriversrv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete...
CVE-2021-23277
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...
CVE-2021-23280
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s mapssrv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a speciall...
CVE-2021-23279
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in metadriversrv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete...
CVE-2021-23278
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/mapssrv.js with action removeBackground and server/nodeupgradesrv.js with action removeFirmware. An attacker can send specially...
Privilege escalation
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s mapssrv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a speciall...
Design/Logic Flaw
Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...