CISA has published an advisory on improper input validation and incorrect privilege assignment vulnerabilities in Eaton Intelligent Power Manager. Versions 1.67 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations. Eaton has released Intelligent Power Manager v1.68 to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
H2OSecCon Spring 2024 - featuring panels and briefings on cybersecurity, physical security, operational resilience, and more - is on May 23. REGISTER NOW!