OTPulse
FeedAboutContact

Eaton Intelligent Power Protector

Monitor5.2ICS-CERT ICSA-22-130-02May 10, 2022
Attack VectorAdjacent
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary

Intelligent Power Protector (IPP) before version 1.69 release 166 contains an input validation vulnerability (CWE-79) that could allow an attacker to execute arbitrary code using untrusted data injected into the device interface. The vulnerability affects the web interface of all Eaton IPP versions prior to 1.69 release 166.

What this means
What could happen
An attacker with network access to the IPP interface could execute arbitrary code on the device, potentially disrupting power protection monitoring and control in critical energy infrastructure.
Who's at risk
Energy operators using Eaton Intelligent Power Protector units in UPS and power distribution systems should be concerned. This affects facilities relying on IPP for power quality monitoring and uninterruptible power supply (UPS) management, including data centers, electrical utilities, and any critical facility with Eaton power protection equipment.
How it could be exploited
An attacker on the network segment with access to the Intelligent Power Protector interface could inject untrusted data through the web interface (CWE-79 suggests input validation weakness) to trigger arbitrary code execution on the device, compromising the integrity of power protection logic.
Prerequisites
  • Network access to the Intelligent Power Protector web interface (typically port 80/443)
  • Local network presence or ability to reach the device interface
no patch availableaffects power protection systemslow complexity attackinput validation weakness (CWE-79)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
Intelligent Power Protector (IPP): All<1.69 release 166No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGImplement network segmentation to restrict access to the IPP interface to authorized engineering workstations and administrative stations only
HARDENINGDeploy firewall rules to allow only necessary inbound connections to the IPP interface and block access from untrusted network segments
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor for potential exploitation attempts targeting the IPP interface
WORKAROUNDEvaluate applying input validation or web application firewall rules if available to filter suspicious input to the IPP interface
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/1be2acc8-3c95-453c-b8ab-b6cd4c7ca5f0