PT-2020-19205 · Eaton · Intelligent Power Manager

Ivathmican Sivakumaran

·

Published

2020-05-07

·

Updated

2020-05-12

·

CVE-2020-6651

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Eaton's Intelligent Power Manager (IPM) versions 1.67 and prior
Description: The issue is caused by improper input validation of file names in the configuration file import functionality. An attacker can achieve command injection or code execution via specially crafted file names while uploading a configuration file to the application.
Recommendations: For versions 1.67 and prior, restrict the import of configuration files or validate file names so that specially crafted names cannot be uploaded until a fix is available. As a temporary workaround, avoid using the file import functionality for configuration files until the issue is resolved.
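The following illustrates the file-name validation the Recommendations field calls for, as added example code that is not Eaton's or IPM's own: an allowlist check on an uploaded configuration file name, paired with an argv-style invocation so the name is never handed to a shell. The accepted extensions, the upload directory and the import command are assumptions for illustration only.

```python
import re
from pathlib import PurePosixPath

# Allowlist: leading alphanumeric, then a conservative character set, bounded
# length. This implicitly rejects shell metacharacters (; | & $ ` ( ) quotes,
# whitespace) and control characters without enumerating them.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")
# Assumed extensions for the example, not IPM's real configuration format.
_ALLOWED_EXTENSIONS = {".cfg", ".json"}


def validate_import_filename(name: str) -> str:
    """Return the bare file name if it is safe to use, otherwise raise ValueError.

    Addresses the bug class in this advisory: a user-supplied file name that
    reaches a command during configuration import without validation.
    """
    if not isinstance(name, str) or not name:
        raise ValueError("empty file name")
    # Reject directory components and traversal before anything else.
    if "/" in name or "\\" in name or ".." in name:
        raise ValueError("path separators or traversal in file name")
    # fullmatch requires the whole string to match, so a trailing newline fails.
    if not _SAFE_NAME.fullmatch(name):
        raise ValueError("file name contains characters outside the allowlist")
    if PurePosixPath(name).suffix.lower() not in _ALLOWED_EXTENSIONS:
        raise ValueError("unexpected file extension")
    return name


def is_safe_import_filename(name: str) -> bool:
    """Boolean wrapper around validate_import_filename for callers and tests."""
    try:
        validate_import_filename(name)
        return True
    except ValueError:
        return False


def build_import_command(name: str, upload_dir: str = "/var/lib/example-app/uploads") -> list:
    """Build the argv for a hypothetical import tool from a validated name.

    The tool name and directory are assumptions. Returning an argument list
    (to be run with shell=False) means the file name is passed as a single
    argument and is never interpreted by a shell.
    """
    safe = validate_import_filename(name)
    return ["example-import-tool", "--input", f"{upload_dir}/{safe}"]
```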

Fix

RCE

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2020-6651
ZDI-20-649

Affected Products

Intelligent Power Manager