Vulnerabilities > Eaton > Intelligent Power Manager > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-13 | CVE-2021-23277 | Code Injection vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. | 10.0 |
| 2021-04-13 | CVE-2021-23278 | Unspecified vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. | 9.6 |
| 2021-04-13 | CVE-2021-23279 | Improper Input Validation vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. | 10.0 |
| 2021-04-13 | CVE-2021-23280 | Unrestricted Upload of File with Dangerous Type vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. | 9.9 |
| 2021-04-13 | CVE-2021-23281 | Code Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67 Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. | 10.0 |
| 2018-06-07 | CVE-2018-12031 | Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6 Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | 9.8 |