CVE-2021-23280

Name of the Vulnerable Software and Affected Versions Eaton Intelligent Power Manager (IPM) versions prior to 1.69

Description The issue allows for authenticated arbitrary file upload. Specifically, the maps srv.js component is vulnerable, enabling an attacker to upload malicious NodeJS files using the uploadBackgroud action. This can be exploited by sending a specially crafted packet, potentially allowing the execution of arbitrary commands or the upload of malicious code.

Recommendations For versions prior to 1.69, update to version 1.69 or later to resolve the issue. As a temporary workaround, consider restricting access to the maps srv.js component and the uploadBackgroud action to minimize the risk of exploitation.