8
CVE-2021-23286
- EPSS 0.4%
- Veröffentlicht 18.04.2022 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:51:30
- Quelle CybersecurityCOE@eaton.com
- CVE-Watchlists
- Unerledigt
LoginSecurity issues in Eaton Intelligent Power Manager Infrastructure
Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eaton ≫ Intelligent Power Manager Version <= 1.5.0plus205
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.318 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.9 | 5.5 | 10 |
AV:A/AC:M/Au:N/C:C/I:C/A:C
|
| CybersecurityCOE@eaton.com | 5.7 | 0.9 | 4.7 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf
https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf.