Security issues in Eaton Intelligent Power Protector (IPP)
CVE-2021-23283

5.2MEDIUM

Key Information:

Vendor
Eaton
Status
Eaton Intelligent Power Protector (ipp)
Vendor
CVE Published:
19 April 2022

Summary

Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software.

Affected Version(s)

Eaton Intelligent Power Protector (IPP) < 1.69 release 166

References

https://www.eaton.com/content/dam/eaton/company/news-insi...
x_refsource_MISC

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eaton thanks the below organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23283 - Micheal Heinzl via ICS-Cert
.
CVE-2021-23283 : Security issues in Eaton Intelligent Power Protector (IPP) | SecurityVulnerability.io