Skip to main content

Intelligent Power Manager

9 CVEs product

Monthly

CVE-2021-23281 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Intelligent Power Manager
NVD
CVSS 3.1
10.0
EPSS
2.2%
CVE-2021-23280 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2021-23279 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
10.0
EPSS
27.1%
CVE-2021-23278 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2021-23277 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2021-23276 HIGH This Week

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-6652 HIGH This Week

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-6651 HIGH This Week

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Intelligent Power Manager
NVD
CVSS 3.1
7.3
EPSS
2.1%
CVE-2018-12031 CRITICAL POC THREAT Act Now

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Intelligent Power Manager
NVD GitHub
CVSS 3.0
9.8
EPSS
17.3%
EPSS 2% CVSS 10.0
CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Intelligent Power Manager
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Intelligent Power Manager Intelligent Power Manager Virtual Appliance +1
NVD
EPSS 27% CVSS 10.0
CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager Intelligent Power Manager Virtual Appliance +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Intelligent Power Manager Intelligent Power Manager Virtual Appliance +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Intelligent Power Manager Intelligent Power Manager Virtual Appliance +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intelligent Power Manager
NVD
EPSS 2% CVSS 7.3
HIGH This Week

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Intelligent Power Manager
NVD
EPSS 17% CVSS 9.8
CRITICAL POC THREAT Act Now

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Intelligent Power Manager
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy