CVE-2021-23281 — CRITICAL (10.0)

Q: How severe is CVE-2021-23281?

CVE-2021-23281 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-23281?

Check the references section above for vendor advisories and patch information. Affected products include: Eaton Intelligent Power Manager.

Vulnerability Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action in meta_driver_srv.js class. Attackers can send a specially crafted packet to make IPM connect to rouge SNMP server and execute attacker-controlled code.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Eaton	Intelligent Power Manager	< 1.69

Related Weaknesses (CWE)

CWE-94

References

https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secuVendor Advisory
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/secuVendor Advisory

FAQ

What is CVE-2021-23281?

CVE-2021-23281 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated remote code execution vulnerability. IPM software does not sanitize the date provided via coverterCheckList action ...

How severe is CVE-2021-23281?

CVE-2021-23281 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-23281?

Check the references section above for vendor advisories and patch information. Affected products include: Eaton Intelligent Power Manager.