CVE-2018-12031 Scanner
Detects the directory traversal vulnerability (CVE-2018-12031) in Eaton Intelligent Power Manager, affecting version 1.6.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 792 sec
Scan only one: Url
Toolbox: -
Eaton Intelligent Power Manager (IPM) is a software solution used for remotely managing and monitoring power devices such as Uninterruptible Power Supplies (UPS) and Power Distribution Units (PDU). Employed in data centers, healthcare facilities, and industrial plants, IPM provides real-time monitoring and control of power devices, enabling administrators to minimize downtime and maintain business continuity.
Recently, a critical vulnerability was discovered in IPM, tracked as CVE-2018-12031. It is a local file inclusion flaw reachable through directory traversal in server/node_upgrade_srv.js: the firmware parameter of a downloadFirmware action is not properly sanitized. Using this flaw, a remote attacker can upload a malicious firmware update package to the affected device and execute arbitrary code, which can lead to full system compromise.
If the vulnerability is fully exploited, attackers could steal data, sabotage the managed power devices, and cause extended periods of downtime. They may also manipulate the software to alter the behavior of the power systems, leading to power outages, hardware damage, and even loss of life. The danger is amplified by the fact that IPM is used in critical infrastructure where reliable and continuous power is paramount.
With the pro features of the s4e.io platform, you can get in-depth insight into the vulnerabilities present in your digital assets. For instance, the platform runs full vulnerability scans against devices such as IPM and produces detailed reports that categorize the findings by severity. You can also subscribe to real-time notifications when new CVEs or updated software versions for IPM are released, which lets you act fast and secure your IT infrastructure before it is attacked.