OTPulse

Eaton Intelligent Power Manager Infrastructure

Monitor | CVSS 5.7 | ICS-CERT ICSA-22-130-03 | May 10, 2022
Attack Vector: Adjacent
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Eaton Intelligent Power Manager Infrastructure (versions 1.5.0 and earlier) contains input validation and cross-site scripting vulnerabilities (CWE-79, CWE-1236) that allow exploitation through untrusted data. Successful exploitation could result in arbitrary code execution on the system managing power distribution infrastructure.

What this means
What could happen
An attacker with administrative access to Eaton Intelligent Power Manager Infrastructure could execute arbitrary code on the system, potentially allowing them to modify power management settings, disable monitoring, or disrupt electric distribution operations.
Who's at risk
Electric utilities and facilities managers using Eaton Intelligent Power Manager Infrastructure for centralized power distribution monitoring and control. This includes any organization using IPM Infrastructure versions 1.5.0 and earlier for managing switchgear, distribution panels, or backup power systems.
How it could be exploited
An attacker with valid administrative credentials (or after compromising an engineer's workstation) could submit untrusted data through the IPM Infrastructure web interface or API, exploiting CWE-79 (cross-site scripting) or CWE-1236 (unsanitized input handling) to execute arbitrary code on the server hosting the power management infrastructure.
Prerequisites
  • Valid administrative credentials or compromise of an authorized engineering workstation
  • Network access to the Eaton IPM Infrastructure management interface (typically port 80/443)
  • Knowledge of the specific data injection point or exploitation vector
No patch available | Requires administrative credentials | Affects power management systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: Intelligent Power Manager Infrastructure (IPM Infrastructure): All
Affected Versions: * | 1.5.0 plus205
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to Eaton IPM Infrastructure management interface to authorized engineering workstations only using firewall rules or network segmentation
HARDENING: Enforce strong password policies and multi-factor authentication for all administrative accounts on the IPM Infrastructure system
WORKAROUND: Implement input validation and sanitization at the firewall or web application firewall (WAF) level to filter potentially malicious payloads
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor logs and network traffic to the IPM Infrastructure for signs of suspicious input or unauthorized access attempts
Mitigations - no patch available
Intelligent Power Manager Infrastructure (IPM Infrastructure): All has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Evaluate migration to alternative power management solutions or newer versions of Eaton products that address these vulnerabilities
Eaton Intelligent Power Manager Infrastructure | CVSS 5.7 - OTPulse