CVE-2020-6651

HIGH

Eaton Intelligent Power Manager < 1.67 - OS Command Injection via Configuration File Import

Description

Improper input validation of the file name in the configuration file import functionality of Eaton's Intelligent Power Manager (IPM) v1.67 and prior allows attackers to perform command injection or code execution via specially crafted file names when uploading a configuration file to the application.

Scores

CVSS v3 8.8
EPSS 0.0215
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-78
Status published
Products (1)
eaton/intelligent_power_manager < 1.67
Published May 07, 2020
Tracked Since Feb 18, 2026