PT-2020-19206 · Eaton · Eaton Intelligent Power Manager

Zebasquared · Published 2020-05-07 · Updated 2020-05-12 · CVE-2020-6652

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Eaton Intelligent Power Manager versions 1.67 and prior

Description: The issue allows non-admin users to upload system configuration files by sending specially crafted requests. As a result, a non-admin user can manipulate the system configuration by uploading a configuration with incorrect parameters.

Recommendations: For versions 1.67 and prior, restrict access to the system configuration upload feature so that non-admin users cannot manipulate system configurations until a patch is available. As a temporary workaround, limit the ability of non-admin users to send specially crafted requests to the system, and restrict access to the system configuration files themselves to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Privilege Assignment

Improper Privilege Management

Related Identifiers

CVE-2020-6652
ZDI-20-650

Affected Products

Eaton Intelligent Power Manager