Eaton.IPM.meta_driver_srv.Arbitrary.File.Deletion
Description
This indicates an attack attempt to exploit an Arbitrary File Deletion Vulnerability in Eaton Intelligent Power Protector.
The vulnerability is due to missing input validation in meta_driver_srv.js. A remote unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted packet. Successful exploitation of these vulnerabilities could allow attackers to delete arbitrary files on the target system.
Affected Products
Eaton Intelligent Power Manager 1.69 and prior
Eaton Intelligent Power Protector 1.68 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |