Eaton IPM Vulnerable to Stored Cross-Site Scripting

CVE-2021-23282

5.2MEDIUM

Key Information

Vendor: Eaton
Status: Intelligent Power Manager (ipm)
Vendor: CVE Published:; 25 November 2024

Summary

Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system

Affected Version(s)

Intelligent Power Manager (IPM) < 1.70

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 25, 2024
Vulnerability Reserved.
Jan 8, 2021

Collectors

NVD DatabaseMitre Database