CVE-2021-23282
Published 2024-11-25
Priority: P4 · 31 · medium · 5.2 (CVSS 3.1)
Vector: AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
EPSS: 8.23% (94.2th percentile)
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored cross-site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local subnet and an administrator interaction to compromise the system.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eaton | intelligent_power_manager | < 1.70 | 1.70 |
CISA ICS
Eaton Intelligent Power Manager
cisa_ics·2022-05-10·CVSS 5.2
[MEDIUM] Eaton Intelligent Power Manager
ICS Advisory
## Eaton Intelligent Power Manager
Last Revised: May 10, 2022
Alert Code: ICSA-22-130-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Eaton
- Equipment: Intelligent Power Manager (IPM) v1
- Vulnerability: Cross-site Scripting
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Eaton IPM, a power management platform, are affected:
- Eaton Intelligent Power Ma
GHSA
GHSA-g6vg-j7j8-pc25: Eaton Intelligent Power Manager (IPM) prior to 1
ghsa_unreviewed·2024-11-25
CVE-2021-23282 [MEDIUM] CWE-79 GHSA-g6vg-j7j8-pc25: Eaton Intelligent Power Manager (IPM) prior to 1
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored cross-site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local subnet and an administrator interaction to compromise the system.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.