CODE INJECTION CWE-94

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution. The IPM software does not sanitize the date provided via the “coverterCheckList” function in the meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to a rogue SNMP server and execute attacker-controlled code.