{"containers": {"cna": {"affected": [{"product": "Intelligent Power manager (IPM)", "vendor": "Eaton", "versions": [{"lessThanOrEqual": "1.67", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Eaton would like to thank Sivathmican Sivakumaran for working with Eaton and helping Eaton in releasing more robust and secure products."}], "datePublic": "2020-05-04T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-05-12T21:06:24", "orgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "shortName": "Eaton"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-649/"}], "solutions": [{"lang": "en", "value": "Update the software to latest version 1.68."}], "source": {"advisory": "ETN-VA-202-1004", "defect": ["ETN-VA-202-1004"], "discovery": "EXTERNAL"}, "title": "Command injection via specially crafted file 
name during config file upload", "workarounds": [{"lang": "en", "value": "Block ports 4679 & 4680 at enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "CybersecurityCOE@eaton.com", "DATE_PUBLIC": "2020-05-04T10:43:00.000Z", "ID": "CVE-2020-6651", "STATE": "PUBLIC", "TITLE": "Command injection via specially crafted file name during config file upload"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intelligent Power manager (IPM)", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.67"}]}}]}, "vendor_name": "Eaton"}]}}, "credit": [{"lang": "eng", "value": "Eaton would like to thank Sivathmican Sivakumaran for working with Eaton and helping Eaton in releasing more robust and secure products."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": 
"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf", "refsource": "MISC", "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-649/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-649/"}]}, "solution": [{"lang": "en", "value": "Update the software to latest version 1.68."}], "source": {"advisory": "ETN-VA-202-1004", "defect": ["ETN-VA-202-1004"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Block ports 4679 & 4680 at enterprise network or home network where Intelligent Power Manager (IPM) software is installed and used."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:05.013Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-649/"}]}]}, "cveMetadata": {"assignerOrgId": "63703b7d-23e2-41ef-94b3-a3c6333f7759", "assignerShortName": "Eaton", "cveId": "CVE-2020-6651", "datePublished": "2020-05-07T15:58:21.660327Z", "dateReserved": "2020-01-09T00:00:00", "dateUpdated": "2024-09-16T23:06:52.876Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}