CVE-2020-6651

Summary

Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.

Affected Software

VendorProductVersion RangeStatus
EatonIntelligent Power manager (IPM)unspecified <= 1.67affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

Block ports 4679 & 4680 at enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used.

ADP Enrichment

CVE Program Container

Additional References

References