| Rule General Information | |
|---|---|
| Release Date: | 2021-05-13 |
| Rule Name: | Eaton Intelligent Power Manager system_srv Command Injection Vulnerability (CVE-2020-6651) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Improper input validation of the file name in the configuration file import functionality of Eaton's Intelligent Power Manager (IPM) v1.67 and prior allows attackers to perform command injection or code execution via specially crafted file names when uploading a configuration file to the application. |
| Impact: | An attacker can execute arbitrary commands in the context of the vulnerable software via a successful exploit. |
| Affected OS: | Others |
| Reference: | https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf, ZeroDayInitiative:ZDI-20-649 |

| Solutions |
|---|
| The vendor has released upgrade patches to fix the vulnerabilities. Please visit: https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf |