CVE-2021-23279

Summary

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Affected Software

VendorProductVersion RangeStatus
EatonIntelligent Power manager (IPM)unspecified < 1.69affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

Workarounds

To prevent the exploitation of the issues and safeguard the software from malicious entities, Eaton recommends blocking ports 4679 & 4680 at the enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used

ADP Enrichment

CVE Program Container

Additional References

References