Eaton intelligent power manager
  • Use complex secure passwords or passphrases.
  • Change default passwords following initial startup.
  • Create security zones for devices with common security requirements using barrier devices (e.g., firewalls, data diodes).
  • Disable/deactivate unused communication channels, TCP/UDP ports and services (e.g., SNMP, FTP, BootP, DHCP, etc.) on networked devices.
  • Enable audit logs on all devices and applications.

  • Regularly update software and applications to the latest versions available, as applicable.
  • Remote access should use secure methods, such as virtual private networks (VPNs), updated to the most current version available.
  • Remote access to control system networks should be made available on a strict need-to-use basis.
  • Deploy control system networks and remote devices behind barrier devices (e.g., firewalls, data diodes) and isolate them from business networks.
  • Restrict exposure to external networks for all control system devices and/or systems and ensure they are not directly accessible from the open Internet.
  • Ensure users are restricted to only the privilege levels necessary to complete their job roles/functions. Use the available access control mechanisms properly to ensure system and application access is restricted to legitimate users only. IPM provides various types of administrative, operational, and configuration privilege levels.

ATTENTION: Exploitable remotely/low attack complexity.

Equipment: Intelligent Power Manager (IPM) v1.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.

The following versions of Eaton IPM, a power management platform, are affected:

  • Eaton Intelligent Power Manager (IPM) v1: All versions prior to v1.70

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

The affected product is vulnerable to a reflected cross-site scripting vulnerability due to insufficient validation of input from certain resources by the IPM software.

CVE-2021-23282 has been assigned to this vulnerability. A CVSS v3 base score of 5.2 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). An attacker would need access to the local subnet and an administrator interaction to compromise the system.

CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors.

Michael Heinzl reported this vulnerability to CISA.

MITIGATIONS

Eaton recommends users upgrade to the latest version of Intelligent Power Manager:

Eaton recommends users follow the security best practices and configure the logical access mechanisms provided in IPM to safeguard the application from unauthorized access.










