Eaton Intelligent Power Manager

Plan PatchCVSS 8.8ICS-CERT ICSA-20-133-01May 12, 2020

EatonEnergy

Attack path

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Eaton Intelligent Power Manager versions 1.67 and prior contain input validation (CWE-20) and permission enforcement (CWE-266) flaws that could allow command injection or code execution. A non-administrator user with network access to ports 4679 or 4680 could exploit these vulnerabilities to execute commands on the system or manipulate power management configurations. Eaton has released version 1.68 which addresses these issues. In the interim, blocking ports 4679 and 4680 at the firewall and isolating the system from the business network are recommended.

What this means

What could happen

An attacker with network access could run arbitrary commands on the Intelligent Power Manager system or manipulate system configurations, potentially causing power management failures or unauthorized changes to electrical distribution settings.

Who's at risk

Energy sector organizations operating Eaton Intelligent Power Manager for electrical distribution and power management, particularly municipal utilities and facilities with remote monitoring or management capabilities.

How it could be exploited

An attacker with credentials for a non-administrator user could exploit input validation flaws (CWE-20) or permission issues (CWE-266) to inject commands or execute code on the Intelligent Power Manager system via network ports 4679 or 4680.

Prerequisites

Network access to ports 4679 or 4680 on the Intelligent Power Manager system
Valid non-administrator user credentials for the Intelligent Power Manager application

remotely exploitablelow complexityrequires valid user credentialsaffects critical infrastructure control systemnetwork reachability enables attack

Exploitability

Some exploitation risk — EPSS score 1.1%

Affected products (1)

ProductAffected VersionsFix Status

Intelligent Power Manager: v1.67 and prior≤ 1.671.68

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDBlock ports 4679 and 4680 at the network firewall boundary to restrict unauthorized access to Intelligent Power Manager

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Intelligent Power Manager to version 1.68 or later

Long-term hardening

0/2

HARDENINGIsolate the Intelligent Power Manager system and power management network from the business network using a firewall or air gap

HARDENINGIf remote access to Intelligent Power Manager is required, require VPN connection from authorized management workstations only

CVEs (2)

CVE-2020-6651 CVE-2020-6652

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f8172aed-d7a5-40bc-8a3a-84aef9d16c71

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.