Vulnerabilities > Eaton > Intelligent Power Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-6651 | OS Command Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67 Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application. | 7.3 |
| 2018-06-07 | CVE-2018-12031 | Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6 Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | 9.8 |