CISA has published an advisory on improper input validation and incorrect privilege assignment vulnerabilities in Eaton Intelligent Power Manager. Versions 1.67 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to perform command injection or code execution and allow non-administrator users to manipulate the system configurations. Eaton has released Intelligent Power Manager v1.68 to address the reported vulnerabilities. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.