Vulnerabilities > Eaton > Intelligent Power Manager > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-18 CVE-2021-23286 Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection.
low complexity
eaton CWE-1236
8.0
2021-04-13 CVE-2021-23276 SQL Injection vulnerability in Eaton products
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection.
network
low complexity
eaton CWE-89
8.8
2020-05-07 CVE-2020-6652 Improper Privilege Management vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests.
local
low complexity
eaton CWE-269
7.8
2020-05-07 CVE-2020-6651 OS Command Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
local
low complexity
eaton CWE-78
7.3