Vulnerability Details CVE-2021-23280
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an authenticated arbitrary file upload. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using the uploadBackgroud action. An attacker can upload malicious code or execute any command by sending a specially crafted packet that exploits the vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.9%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 6.5
Products affected by CVE-2021-23280
- cpe:2.3:a:eaton:intelligent_power_manager:1.6
- cpe:2.3:a:eaton:intelligent_power_manager:1.67
- cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*
- cpe:2.3:a:eaton:intelligent_power_protector:1.10
- cpe:2.3:a:eaton:intelligent_power_protector:1.20
- cpe:2.3:a:eaton:intelligent_power_protector:1.28
- cpe:2.3:a:eaton:intelligent_power_protector:1.30
- cpe:2.3:a:eaton:intelligent_power_protector:1.42
- cpe:2.3:a:eaton:intelligent_power_protector:1.50
- cpe:2.3:a:eaton:intelligent_power_protector:1.52
- cpe:2.3:a:eaton:intelligent_power_protector:1.53
- cpe:2.3:a:eaton:intelligent_power_protector:1.61
- cpe:2.3:a:eaton:intelligent_power_protector:1.66
- cpe:2.3:a:eaton:intelligent_power_protector:1.67