Eaton: >> Intelligent Power Manager Security Vulnerabilities
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-05-07
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
CVSS Score
9.8
EPSS Score
0.801
Published
2018-06-07
Page 2