Vulnerability Description
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eaton | Intelligent Power Manager | <= 1.67 |
Related Weaknesses (CWE)
References
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secuMitigationVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-649/
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secuMitigationVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-20-649/
FAQ
What is CVE-2020-6651?
CVE-2020-6651 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code ex...
How severe is CVE-2020-6651?
CVE-2020-6651 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6651?
Check the references section above for vendor advisories and patch information. Affected products include: Eaton Intelligent Power Manager.