CVE-2021-23284
Published: 2022-04-18
CVE-2021-23284: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting…
Priority P4 · 19 · medium · 4.8 · CVSS 3.1
AV:N · AC:L · PR:H · UI:R · S:C · C:L · I:L · A:N
EPSS
0.47%
37.1th percentile
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to a Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eaton | intelligent_power_manager_infrastructure | <= 1.5.0plus205 | — |
| eaton | intelligent_power_manager_infrastructure | all – 1.5.0plus205 | — |
CVSS provenance
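| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |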
CISA ICS
Eaton Intelligent Power Manager Infrastructure
cisa_ics·2022-05-10·CVSS 5.7
[MEDIUM] Eaton Intelligent Power Manager Infrastructure
ICS Advisory
## Eaton Intelligent Power Manager Infrastructure
Last Revised: May 10, 2022
Alert Code: ICSA-22-130-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Eaton
- Equipment: Intelligent Power Manager Infrastructure
- Vulnerabilities: Cross-site Scripting, Reflected Cross-site Scripting, Improper Neutralization of Formula in a CSV File
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code using untrusted data.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
T
GHSA
GHSA-jj83-j2wm-6v49: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1
ghsa_unreviewed·2022-04-19
CVE-2021-23284 [MEDIUM] CWE-79 GHSA-jj83-j2wm-6v49: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to a Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf
- https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf
2022-04-18
Published