CVE-2020-6652

Summary

Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.

Affected Software

VendorProductVersion RangeStatus
EatonIntelligent Power manager (IPM)unspecified <= 1.67affected

Weaknesses

  • CWE-266: CWE-266 Incorrect Privilege Assignment

Workarounds

Remove users which are not part of the origination and having accounts in the software. Block port 4679 & 4680 at enterprise network firewall to prevent malicious users from accessing the software outside the facility.

ADP Enrichment

CVE Program Container

Additional References

References