Vulnerability Details CVE-2021-23278
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.8%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 5.5
References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
Products affected by CVE-2021-23278
-
cpe:2.3:a:eaton:intelligent_power_manager:1.6
-
cpe:2.3:a:eaton:intelligent_power_manager:1.67
-
cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*
-
cpe:2.3:a:eaton:intelligent_power_protector:1.10
-
cpe:2.3:a:eaton:intelligent_power_protector:1.20
-
cpe:2.3:a:eaton:intelligent_power_protector:1.28
-
cpe:2.3:a:eaton:intelligent_power_protector:1.30
-
cpe:2.3:a:eaton:intelligent_power_protector:1.42
-
cpe:2.3:a:eaton:intelligent_power_protector:1.50
-
cpe:2.3:a:eaton:intelligent_power_protector:1.52
-
cpe:2.3:a:eaton:intelligent_power_protector:1.53
-
cpe:2.3:a:eaton:intelligent_power_protector:1.61
-
cpe:2.3:a:eaton:intelligent_power_protector:1.66
-
cpe:2.3:a:eaton:intelligent_power_protector:1.67