CVE-2021-23281

CODE INJECTION CWE-94
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution. IPM software does not sanitize the date provided via the “coverterCheckList” function in the meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to a rogue SNMP server and execute attacker-controlled code.

Risk Information

  • CVE ID: CVE-2021-23281
  • Vendor: Eaton
  • Product: Eaton Intelligent Power Manager
  • CVSS v3: 8.3