CVE-2021-23276

HIGH

Eaton IPM <1.69 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.

Scores

CVSS v3 7.1
EPSS 0.0079
EPSS Percentile 52.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (3)
eaton/intelligent_power_manager < 1.69
eaton/intelligent_power_manager_virtual_appliance < 1.69
eaton/intelligent_power_protector < 1.68
Published Apr 13, 2021
Tracked Since Feb 18, 2026