CVE-2021-23279

HIGH

Eaton Intelligent Power Manager < 1.69 - Unauthenticated Arbitrary File Delete

Title source: llm
STIX 2.1

Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed.

Scores

CVSS v3 8.0
EPSS 0.2709
EPSS Percentile 97.8%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

Details

CWE
CWE-20
Status published
Products (3)
eaton/intelligent_power_manager < 1.69
eaton/intelligent_power_manager_virtual_appliance < 1.69
eaton/intelligent_power_protector < 1.68
Published Apr 13, 2021
Tracked Since Feb 18, 2026