Vulnerabilities > CVE-2021-23286 - Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager

047910
CVSS 8.0 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
eaton
CWE-1236

Summary

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.

Vulnerable Configurations

Part Description Count
Application
Eaton
1