CVE-2018-12031 Scanner

Eaton Intelligent Power Manager (IPM) is a software solution used for remotely managing and monitoring power devices such as Uninterruptible Power Supplies (UPS) and Power Distribution Units (PDU). Employed in data centers, healthcare facilities, and industrial plants, IPM provides real-time monitoring and control of power devices, enabling administrators to minimize downtime and maintain business continuity. 

Recently, a critical vulnerability was detected in IPM, marked as CVE-2018-12031. This vulnerability allows attackers to exploit a local file inclusion flaw via the server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. With this exploit, an attacker can remotely execute arbitrary code by uploading a malicious firmware update package to the affected device, which can lead to full system compromise. 

If the vulnerability is fully exploited, the attackers could steal data, sabotage the power devices, and cause extended periods of downtime. They may also manipulate the software to modify the power systems, leading to power outages, hardware damages, and even loss of lives. The danger is amplified by the fact that IPM is used in critical infrastructure where reliable and continuous power is paramount.

With the pro features of the securityforeveryone.com platform, you can get in-depth insights into the vulnerabilities present in your digital assets. For instance, the platform conducts full vulnerability scans and offers detailed reports that categorize the vulnerabilities based on severity, about devices such as IPM. Further, you can subscribe to receive real-time notifications when new CVEs or updated software versions of IPM are released, which enables you to act fast and secure your IT infrastructure before being attacked.

REFERENCES

• https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion