CVE-2021-23286

MEDIUM

Eaton IPM Infrastructure <1.5.0plus205 - Code Injection

Title source: llm

Description

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.

References (2)

[Various Sources] https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf

[Broken Link] https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf.

Scores

CVSS v3 5.7

EPSS 0.0010

EPSS Percentile 26.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

Details

CWE

CWE-1236

Status published

Products (1)

eaton/intelligent_power_manager < 1.5.0plus205

Published Apr 18, 2022

Tracked Since Feb 18, 2026