CVE-2021-23278

HIGH

Eaton IPM <1.69 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Scores

CVSS v3 8.7
EPSS 0.0101
EPSS Percentile 58.9%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
eaton/intelligent_power_manager < 1.69
eaton/intelligent_power_manager_virtual_appliance < 1.69
eaton/intelligent_power_protector < 1.68
Published Apr 13, 2021
Tracked Since Feb 18, 2026