CVE-2021-23286

Security issues in Eaton Intelligent Power Manager Infrastructure

Description

Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to CSV Formula Injection. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions.

Remediation

Solution:

  • The product has reached its End Of Life, the notification has been posted at: Lifecycle Notification: The transition to IPM Monitor Edition is in progress. Refer the Product page for further details.

Category

5.7
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.10%
Affected: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure)
Published at:
Updated at:

References

Link Tags
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-%28IPM%29-Infrastructure-Vulnerability-Advisory_1001c_V1.0.pdf
https://www.eaton.com/content/dam/eaton/products/backup-power-ups-surge-it-power-distribution/power-management-software-connectivity/eaton-intelligent-power-manager/software/ipm-understand-edition-emea/eaton-ipminfra-eolmemo-en-us.pdf. broken link

Frequently Asked Questions

What is the severity of CVE-2021-23286?
CVE-2021-23286 has been scored as a medium severity vulnerability.
How to fix CVE-2021-23286?
To fix CVE-2021-23286: The product has reached its End Of Life, the notification has been posted at: Lifecycle Notification: The transition to IPM Monitor Edition is in progress. Refer the Product page for further details.
Is CVE-2021-23286 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-23286 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-23286?
CVE-2021-23286 affects Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.