{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T06:45:08.828","vulnerabilities":[{"cve":{"id":"CVE-2020-6651","sourceIdentifier":"CybersecurityCOE@eaton.com","published":"2020-05-07T16:15:11.313","lastModified":"2024-11-21T05:36:05.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application."},{"lang":"es","value":"La Comprobación de Entrada Inapropiada en Eaton Intelligent Power Manager (IPM) versiones v1.67 y anteriores, en el nombre del archivo durante la funcionalidad de importación del archivo de configuración permite a atacantes realizar la inyección de comandos o la ejecución del código por medio de nombres de archivo especialmente diseñados mientras se carga el archivo de configuración en la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"CybersecurityCOE@eaton.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"CybersecurityCOE@eaton.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"1.67","matchCriteriaId":"E94000EF-A58E-4E02-93B2-2FA18D6DD0E6"}]}]}],"references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf","source":"CybersecurityCOE@eaton.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-649/","source":"CybersecurityCOE@eaton.com"},{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-vulnerability-advisory-intelligent-power-manager-v1-1.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-20-649/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}