Security for everyone

CVE-2018-12031 Scanner

Detects 'Directory Traversal' vulnerability in Eaton Intelligent Power Manager affects v. 1.6.

SCAN NOW

Short Info


Level

Critical

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

CVE-2018-12031 Scanner Detail

Eaton Intelligent Power Manager (IPM) is a software solution used for remotely managing and monitoring power devices such as Uninterruptible Power Supplies (UPS) and Power Distribution Units (PDU). Employed in data centers, healthcare facilities, and industrial plants, IPM provides real-time monitoring and control of power devices, enabling administrators to minimize downtime and maintain business continuity. 

Recently, a critical vulnerability was detected in IPM, marked as CVE-2018-12031. This vulnerability allows attackers to exploit a local file inclusion flaw via the server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. With this exploit, an attacker can remotely execute arbitrary code by uploading a malicious firmware update package to the affected device, which can lead to full system compromise. 

If the vulnerability is fully exploited, the attackers could steal data, sabotage the power devices, and cause extended periods of downtime. They may also manipulate the software to modify the power systems, leading to power outages, hardware damages, and even loss of lives. The danger is amplified by the fact that IPM is used in critical infrastructure where reliable and continuous power is paramount.

With the pro features of the securityforeveryone.com platform, you can get in-depth insights into the vulnerabilities present in your digital assets. For instance, the platform conducts full vulnerability scans and offers detailed reports that categorize the vulnerabilities based on severity, about devices such as IPM. Further, you can subscribe to receive real-time notifications when new CVEs or updated software versions of IPM are released, which enables you to act fast and secure your IT infrastructure before being attacked.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture