#VU63035 Improper Neutralization of Formula Elements in a CSV File in Intelligent Power Manager Infrastructure - CVE-2021-23286
Published: May 11, 2022
Vulnerability identifier: #VU63035
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-23286
CWE-ID: CWE-1236
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Intelligent Power Manager Infrastructure
Software vendor:
Eaton
Description
The vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to improper neutralization of formula elements in a CSV file. An administrator on the local network can inject formulas into the tag data.
Remediation
Install updates from vendor's website.
External links
- https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-(IPM)-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf
- https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf