{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T14:12:40.751","vulnerabilities":[{"cve":{"id":"CVE-2021-23277","sourceIdentifier":"CybersecurityCOE@eaton.com","published":"2021-04-13T19:15:14.740","lastModified":"2024-11-21T05:51:29.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can allow attackers to control the input to the function and execute attacker controlled commands."},{"lang":"es","value":"Eaton Intelligent Power Manager (IPM) versiones anteriores a 1.69, es susceptible a una vulnerabilidad de inyección de evaluación no autenticada. El software no neutraliza el código syntax de los usuarios antes de usarlo en la llamada de evaluación dinámica en la función loadUserFile en el archivo scripts/libs/utils.js. Una explotación con éxito puede permitir a atacantes controlar la entrada a la función y ejecutar comandos controlados por el atacante"}],"metrics":{"cvssMetricV31":[{"source":"CybersecurityCOE@eaton.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"CybersecurityCOE@eaton.com","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eaton:intelligent_power_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"1.69","matchCriteriaId":"5E2C63CA-B479-49C4-8C98-F5AE9BF06A2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:eaton:intelligent_power_manager_virtual_appliance:*:*:*:*:*:*:*:*","versionEndExcluding":"1.69","matchCriteriaId":"10CFCD42-A9D6-468B-9287-03B4341B129A"},{"vulnerable":true,"criteria":"cpe:2.3:a:eaton:intelligent_power_protector:*:*:*:*:*:*:*:*","versionEndExcluding":"1.68","matchCriteriaId":"4A67B7A8-E508-4854-9437-BF702692948C"}]}]}],"references":[{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf","source":"CybersecurityCOE@eaton.com","tags":["Vendor Advisory"]},{"url":"https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}