VYPR

Intelligent Power Manager

by Eaton

CVEs (14)

  • CVE-2021-23281CriApr 13, 2021
    risk 0.65cvss 10.0epss 0.02

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to…

  • CVE-2018-12031CriJun 7, 2018
    risk 0.65cvss 9.8epss 0.17

    Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.

  • CVE-2021-23278HigApr 13, 2021
    risk 0.57cvss 8.7epss 0.01

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An…

  • CVE-2020-6651HigMay 7, 2020
    risk 0.57cvss 8.8epss 0.02

    Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file…

  • CVE-2021-23279HigApr 13, 2021
    risk 0.54cvss 8.0epss 0.27

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially…

  • CVE-2021-23277HigApr 13, 2021
    risk 0.54cvss 8.3epss 0.01

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful…

  • CVE-2021-23280HigApr 13, 2021
    risk 0.52cvss 8.0epss 0.01

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any…

  • CVE-2020-6652HigMay 7, 2020
    risk 0.51cvss 7.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations…

  • CVE-2021-23276HigApr 13, 2021
    risk 0.46cvss 7.1epss 0.01

    Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.

  • CVE-2021-23286MedApr 18, 2022
    risk 0.37cvss 5.7epss 0.00

    Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior…

  • CVE-2021-23284MedApr 18, 2022
    risk 0.37cvss 5.7epss 0.00

    Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version…

  • CVE-2021-23287MedApr 1, 2022
    risk 0.36cvss 5.6epss 0.00

    The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.

  • CVE-2021-23282MedNov 25, 2024
    risk 0.34cvss 5.2epss 0.08

    Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator…

  • CVE-2021-23285LowApr 18, 2022
    risk 0.20cvss 3.1epss 0.00

    Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version…