CVE-2022-33862 – Improper access control mechanism in IPP
https://notcve.org/view.php?id=CVE-2022-33862
IPP software prior to v1.71 is affected by a default credential vulnerability. This could allow attackers to identify and access vulnerable systems. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf • CWE-287: Improper Authentication
CVE-2022-33861 – Insufficient verification of authenticity in IPP
https://notcve.org/view.php?id=CVE-2022-33861
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, which causes them to accept invalid data. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf • CWE-345: Insufficient Verification of Data Authenticity
CVE-2021-23283 – Security issues in Eaton Intelligent Power Protector (IPP)
https://notcve.org/view.php?id=CVE-2021-23283
Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored cross-site scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1001b_V1.0.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23288 – Security issues in Intelligent Power Protector
https://notcve.org/view.php?id=CVE-2021-23288
The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local subnet and administrator interaction to compromise the system. This issue affects Intelligent Power Protector versions prior to 1.69. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Protector-Vulnerability-Advisory_1002b_V1.0.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23280 – Arbitrary File upload
https://notcve.org/view.php?id=CVE-2021-23280
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using the uploadBackgroud action. An attacker can upload malicious code or execute any command using a specially crafted packet to exploit the vulnerability. • https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type