Details of VAR-202104-1552

ID

VAR-202104-1552

CVE

CVE-2021-23276

TITLE

Eaton Intelligent Power Manager SQL injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-31670 // CNNVD: CNNVD-202104-953

DESCRIPTION

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially crafted packet to exploit the vulnerability. Successful exploitation of this vulnerability can allow attackers to add users in the data base. It supports remote monitoring and management of multiple devices in the network from the interface. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-23276 // CNVD: CNVD-2021-31670 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-23276

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-31670

AFFECTED PRODUCTS

vendor:	eaton	model:	intelligent power manager	scope:	lt	version:	1.69	Trust: 1.6
vendor:	eaton	model:	intelligent power protector	scope:	lt	version:	1.68	Trust: 1.0
vendor:	eaton	model:	intelligent power manager virtual appliance	scope:	lt	version:	1.69	Trust: 1.0

sources: CNVD: CNVD-2021-31670 // NVD: CVE-2021-23276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23276
value:	HIGH
Trust: 1.0
CybersecurityCOE@eaton.com:	CVE-2021-23276
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-31670
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-953
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-23276
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-23276
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-31670
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-23276
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
CybersecurityCOE@eaton.com:	CVE-2021-23276
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-31670 // VULMON: CVE-2021-23276 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-953 // NVD: CVE-2021-23276 // NVD: CVE-2021-23276

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2021-23276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-953

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:

Patch for Eaton Intelligent Power Manager SQL injection vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/261881

Trust: 0.6

sources: CNVD: CNVD-2021-31670

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23276	Trust: 2.3
db:	CNVD	id:	CNVD-2021-31670	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-110-06	Trust: 0.6
db:	CS-HELP	id:	SB2021042130	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-953	Trust: 0.6
db:	VULMON	id:	CVE-2021-23276	Trust: 0.1

sources: CNVD: CNVD-2021-31670 // VULMON: CVE-2021-23276 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-953 // NVD: CVE-2021-23276

REFERENCES

url:	https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/eaton-intelligent-power-manager-ipm-vulnerability-advisory.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23276	Trust: 1.2
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-110-06	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042130	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/89.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-31670 // VULMON: CVE-2021-23276 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-953 // NVD: CVE-2021-23276

SOURCES

db:	CNVD	id:	CNVD-2021-31670
db:	VULMON	id:	CVE-2021-23276
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-953
db:	NVD	id:	CVE-2021-23276

LAST UPDATE DATE

2024-11-23T20:30:00.725000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-31670	date:	2021-04-28T00:00:00
db:	VULMON	id:	CVE-2021-23276	date:	2021-04-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-953	date:	2021-04-22T00:00:00
db:	NVD	id:	CVE-2021-23276	date:	2024-11-21T05:51:29.067

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-31670	date:	2021-04-28T00:00:00
db:	VULMON	id:	CVE-2021-23276	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-953	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-23276	date:	2021-04-13T19:15:14.600