#VU27871 Input validation error in Intelligent Power Manager - CVE-2020-6651

 


Published: May 13, 2020


Vulnerability identifier: #VU27871
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-6651
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Intelligent Power Manager
Software vendor: Eaton

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists because the affected software does not properly validate the names of imported configuration files within "system_srv.js". A remote authenticated attacker can send specially crafted file names while uploading the config file in the application and execute arbitrary code on the target system.


Remediation

Install updates from the vendor's website.

External links