Vulnerabilities > Eaton > Intelligent Power Manager > 1.67

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2021-23287 Cross-site Scripting vulnerability in Eaton Intelligent Power Manager 1.6/1.67/1.69
The vulnerability exists due to insufficient validation of input of certain resources within the IPM software.
network
low complexity
eaton CWE-79
5.4
2021-04-13 CVE-2021-23281 Code Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability.
network
low complexity
eaton CWE-94
critical
10.0
2021-04-13 CVE-2021-23280 Unrestricted Upload of File with Dangerous Type vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability.
network
low complexity
eaton CWE-434
critical
9.9
2021-04-13 CVE-2021-23279 Improper Input Validation vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID.
network
low complexity
eaton CWE-20
critical
10.0
2021-04-13 CVE-2021-23278 Unspecified vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware.
network
low complexity
eaton
critical
9.6
2021-04-13 CVE-2021-23277 Code Injection vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability.
network
low complexity
eaton CWE-94
critical
10.0
2021-04-13 CVE-2021-23276 SQL Injection vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection.
network
low complexity
eaton CWE-89
8.8
2020-05-07 CVE-2020-6652 Improper Privilege Management vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests.
local
low complexity
eaton CWE-269
7.8
2020-05-07 CVE-2020-6651 OS Command Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
local
low complexity
eaton CWE-78
7.3