Vulnerability Details CVE-2021-23276
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.6%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 6.5
References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
Products affected by CVE-2021-23276
-
cpe:2.3:a:eaton:intelligent_power_manager:1.6
-
cpe:2.3:a:eaton:intelligent_power_manager:1.67
-
cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*
-
cpe:2.3:a:eaton:intelligent_power_protector:1.10
-
cpe:2.3:a:eaton:intelligent_power_protector:1.20
-
cpe:2.3:a:eaton:intelligent_power_protector:1.28
-
cpe:2.3:a:eaton:intelligent_power_protector:1.30
-
cpe:2.3:a:eaton:intelligent_power_protector:1.42
-
cpe:2.3:a:eaton:intelligent_power_protector:1.50
-
cpe:2.3:a:eaton:intelligent_power_protector:1.52
-
cpe:2.3:a:eaton:intelligent_power_protector:1.53
-
cpe:2.3:a:eaton:intelligent_power_protector:1.61
-
cpe:2.3:a:eaton:intelligent_power_protector:1.66
-
cpe:2.3:a:eaton:intelligent_power_protector:1.67