Intelligent Power Manager Security Vulnerabilities and Issues — Intelligent Power Manager CVE List

Lucene search

EatonIntelligent Power Manager

3 matches found

CVE•added 2018/06/07 4:29 p.m.•70 views

CVE-2018-12031

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

9.8CVSS9.3AI score0.80134EPSS

CVE•added 2021/04/13 7:15 p.m.•54 views

CVE-2021-23278

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send speciall...

9.6CVSS9AI score0.00099EPSS

CVE•added 2021/04/13 7:15 p.m.•45 views

CVE-2021-23280

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a special...

9.9CVSS9AI score0.00123EPSS