Threat Encyclopedia

Eaton.IPM.removeBackground.Arbitrary.File.Deletion

Description

This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Eaton Intelligent Power Protector.
The vulnerability is due to missing input validation in maps_srv.js and node_upgrade_srv.js. A remote authenticated attacker could exploit this vulnerability by sending a maliciously crafted packet. Successful exploitation of these vulnerabilities could allow attackers to delete arbitrary files on the target system.

Affected Products

Eaton Intelligent Power Manager 1.69 and prior
Eaton Intelligent Power Protector 1.68 and prior

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

CVE References

CVE-2021-23278

Other References

ICSA-21-110-06