Skip to main content

CVE-2021-23278

Severity High
Score 9.6/10

Summary

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

  • LOW
  • NETWORK
  • HIGH
  • CHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

References

Advisory Timeline

  • Published