Security issues in Eaton Intelligent Power Manager Infrastructure
CVE-2021-23285

3.1LOW

Key Information:

Vendor
Eaton
Status
Intelligent Power Manager Infrastructure (ipm Infrastructure)
Vendor
CVE Published:
18 April 2022

Summary

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.

Affected Version(s)

Intelligent Power Manager Infrastructure (IPM Infrastructure) all <= 1.5.0plus205

References

https://www.eaton.com/content/dam/eaton/company/news-insi...
x_refsource_MISC
https://www.eaton.com/content/dam/eaton/products/backup-p...
x_refsource_MISC

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Eaton thanks the ICS-Cert organization and individuals for their coordinated support on the security vulnerability: CVE-2021-23285 – Micheal Heinzl via ICS-Cert
.
CVE-2021-23285 : Security issues in Eaton Intelligent Power Manager Infrastructure | SecurityVulnerability.io