High severity8.3NVD Advisory· Published Apr 13, 2021· Updated Jun 17, 2026
CVE-2021-23277
CVE-2021-23277
Description
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands.
Affected products
2<1.69+ 1 more
- (no CPE)range: <1.69
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.