Filtered by vendor Eaton
Subscriptions
Filtered by product Intelligent Power Protector
Subscriptions
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22615 | 1 Eaton | 2 Intelligent Power Protector, Ipp Software | 2026-04-22 | 6 Medium |
| Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code resulting in arbitrary command execution. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | ||||
| CVE-2026-22616 | 1 Eaton | 2 Intelligent Power Protector, Ipp Software | 2026-04-22 | 6.5 Medium |
| Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been fixed in the latest version of Eaton IPP which is available on the Eaton download centre. | ||||
| CVE-2026-22617 | 1 Eaton | 2 Intelligent Power Protector, Ipp Software | 2026-04-22 | 5.7 Medium |
| Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | ||||
| CVE-2026-22618 | 1 Eaton | 2 Intelligent Power Protector, Ipp Software | 2026-04-22 | 5.9 Medium |
| A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download centre. | ||||
| CVE-2026-22619 | 1 Eaton | 2 Intelligent Power Protector, Ipp Software | 2026-04-22 | 7.8 High |
| Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. This security issue has been fixed in the latest version of Eaton IPP software which is available on the Eaton download center. | ||||
| CVE-2022-33861 | 1 Eaton | 1 Intelligent Power Protector | 2026-04-15 | 5.1 Medium |
| IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. | ||||
| CVE-2022-33862 | 1 Eaton | 1 Intelligent Power Protector | 2026-04-15 | 6.7 Medium |
| IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | ||||
| CVE-2021-23288 | 1 Eaton | 1 Intelligent Power Protector | 2024-11-21 | 5.6 Medium |
| The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. | ||||
| CVE-2021-23283 | 1 Eaton | 1 Intelligent Power Protector | 2024-11-21 | 5.2 Medium |
| Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. | ||||
| CVE-2021-23280 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability. | ||||
| CVE-2021-23279 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | ||||
| CVE-2021-23278 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8.7 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | ||||
| CVE-2021-23277 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8.3 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands. | ||||
| CVE-2021-23276 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 7.1 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base. | ||||
Page 1 of 1.