IPM software does not sanitize the date provided via the “coverterCheckList” function in meta_driver_srv.js class. An attacker can upload malicious code or execute any command using a specially crafted packet to exploit the vulnerability. CVE-2021-23280 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.0.

Also, Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated remote code execution vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using the “uploadBackground” function.

In addition, Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an authenticated arbitrary file upload vulnerability. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. CVE-2021-23279 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.0.

In another issue, Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with the “saveDriverData” function using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. CVE-2021-23278 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.7. Successful exploitation can allow attackers to control the input to the function and execute attacker-controlled commands. CVE-2021-23277 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.3.

Also, Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with the “removeBackground” function and server/node_upgrade_srv.js with the “removeFirmware” function. The software does not neutralize code syntax from users before using it in the dynamic evaluation call in the “loadUserFile” function under scripts/libs/utils.js.

In addition, Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to an unauthenticated eval injection vulnerability. CVE-2021-23276 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.1.
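The file-delete issues described above come down to a client-supplied value (a driverID or a file name) reaching a filesystem path without validation. The following is an added example, not Eaton's code or its fix: a Node.js sketch of the allow-list and base-directory check a delete or save handler needs before touching the disk. The directory names, patterns and function names are hypothetical.

```javascript
const path = require('node:path');

// Hypothetical storage roots for this sketch; not paths used by IPM.
const DRIVER_DIR = '/var/lib/example-app/drivers';
const BACKGROUND_DIR = '/var/lib/example-app/backgrounds';

// Allow-lists: identifiers carry no separators or dots; file names may contain dots.
const ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
const FILE_RE = /^[A-Za-z0-9_.-]{1,128}$/;

// Resolve a client-supplied name under baseDir, or explain why it was refused.
function resolveInside(baseDir, name, allow, suffix = '') {
  if (typeof name !== 'string' || !allow.test(name)) {
    return { ok: false, reason: 'rejected-by-allow-list' };
  }
  const base = path.resolve(baseDir);
  const target = path.resolve(base, name + suffix);
  // Second layer: the resolved path must be a strict descendant of base.
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return { ok: false, reason: 'outside-base-dir' };
  }
  return { ok: true, path: target };
}

const driverPath = (driverID) => resolveInside(DRIVER_DIR, driverID, ID_RE, '.json');
const backgroundPath = (fileName) => resolveInside(BACKGROUND_DIR, fileName, FILE_RE);

// Constructed inputs: one benign value and several traversal-style values.
function demo() {
  const ids = ['ups_01', '../../etc/hosts', 'a/b', ['x']];
  const files = ['floor1.png', '..', '.', '../server.js'];
  return {
    ids: ids.map((v) => driverPath(v).ok),
    files: files.map((v) => backgroundPath(v).ok),
  };
}

console.log(demo());
```

The name `..` passes the file-name pattern but is refused by the containment check, which is why both layers are kept.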