CVE-2021-23276 HIGH

CVE-2021-23276: Improper Neutralization of Special Elements used in an SQL Command

Vendor Eaton
Product Intelligent Power manager (IPM)
Weakness CWE-89 · SQLi
Published April 13, 2021
Last update September 17, 2024

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base.

Key dates

02Disclosure timeline

April 13, 2021 CVE published
September 17, 2024 Record updated