CVE-2021-23279

Name of the Vulnerable Software and Affected Versions Eaton Intelligent Power Manager (IPM) versions prior to 1.69

Description The issue arises from improper input validation in the meta driver srv.js class, specifically with the saveDriverData action using an invalidated driverID. This allows an attacker to send specially crafted packets to delete files on the system where the IPM software is installed.

Recommendations For versions prior to 1.69, update to version 1.69 or later to resolve the issue. As a temporary workaround, consider restricting access to the meta driver srv.js class to minimize the risk of exploitation. Avoid using the driverID variable in the affected saveDriverData action until the issue is resolved.