CVE-2021-23281
Remote Code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.
Eaton Intelligent Power Manager (IPM) versiones anteriores a 1.69, es susceptible a una vulnerabilidad de ejecución de código remota no autenticada. El software IPM no sanea la fecha proporcionada por medio de la acción coverterCheckList en la clase meta_driver_srv.js. Los atacantes pueden enviar un paquete especialmente diseñado para hacer que IPM se conecte al servidor SNMP y ejecutar código controlado por el atacante
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-08 CVE Reserved
- 2021-04-13 CVE Published
- 2024-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Eaton Search vendor "Eaton" | Intelligent Power Manager Search vendor "Eaton" for product "Intelligent Power Manager" | < 1.69 Search vendor "Eaton" for product "Intelligent Power Manager" and version " < 1.69" | - |
Affected
| ||||||