Vulnerabilities in Eaton Product Can Allow Hackers to Disrupt Power Supply
2021-04-27 13:03

Power management solutions provider Eaton has released patches for its Intelligent Power Manager software to address several potentially serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply.

Eaton's IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply devices on their network.

According to security advisories published this month by Eaton and the U.S. Cybersecurity and Infrastructure Security Agency, the IPM product is affected by six high-severity vulnerabilities that can be exploited for SQL injection, command execution, deleting arbitrary files, uploading arbitrary files, and remote code execution.

Amir Preminger, VP of research at industrial cybersecurity firm Claroty, who has been credited by Eaton for reporting the six vulnerabilities, told SecurityWeek that the issues were identified in a web server interface of the IPM software that enables users to configure the product.

"The goal of the Eaton IPM software is to enable users to manage their UPS system. By exploiting a server using this software, an attacker can disrupt the UPS operations and therefore disrupt the power supply to equipment that relies on the UPS as its power source," Preminger explained.

The security holes impact Eaton IPM and Intelligent Power Manager Virtual Appliance running versions prior to 1.69, and Intelligent Power Protector running versions prior to 1.68.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/LTU289oMw18/vulnerabilities-eaton-product-can-allow-hackers-disrupt-power-supply

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Eaton 51 1 18 14 9 42