CVE-2020-6651
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eaton | Intelligent Power manager (IPM) | unspecified <= 1.67 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
Workarounds
Block ports 4679 & 4680 at enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used.
ADP Enrichment
CVE Program Container
Additional References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf
- https://www.zerodayinitiative.com/advisories/ZDI-20-649/
References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf
- https://www.zerodayinitiative.com/advisories/ZDI-20-649/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.