Vulnerabilities > Eaton
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-18 | CVE-2021-23286 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Eaton Intelligent Power Manager Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. | 8.0 |
| 2022-04-01 | CVE-2021-23287 | Cross-site Scripting vulnerability in Eaton Intelligent Power Manager 1.6/1.67/1.69 The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. | 5.4 |
| 2022-04-01 | CVE-2021-23288 | Cross-site Scripting vulnerability in Eaton Intelligent Power Protector The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. | 4.8 |
| 2021-04-13 | CVE-2021-23281 | Code Injection vulnerability in Eaton Intelligent Power Manager 1.6/1.67 Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. | 10.0 |
| 2021-04-13 | CVE-2021-23280 | Unrestricted Upload of File with Dangerous Type vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. | 9.9 |
| 2021-04-13 | CVE-2021-23279 | Improper Input Validation vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. | 10.0 |
| 2021-04-13 | CVE-2021-23278 | Unspecified vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. | 9.6 |
| 2021-04-13 | CVE-2021-23277 | Code Injection vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. | 10.0 |
| 2021-04-13 | CVE-2021-23276 | SQL Injection vulnerability in Eaton products Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. | 8.8 |
| 2021-01-07 | CVE-2020-6656 | Type Confusion vulnerability in Eaton Easysoft Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file parsing type confusion remote code execution vulnerability. | 7.8 |