ICSA-22-130-02 · Published 2022-05-10 (CISA ICS-CERT)
Eaton Intelligent Power Protector
CVSS 5.2 (MEDIUM)
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.
CVEs (1)
Remediations
- Eaton recommends users upgrade to the latest version of its software, Eaton IPP v1.69.
- Eaton recommends users follow security best practices and configure the logical access mechanisms provided in IPP to safeguard the application from unauthorized access. Use the available access control mechanisms properly to ensure system and application access is restricted to legitimate users only. Ensure users are restricted to only the privilege levels necessary to complete their job roles/functions.
- Restrict exposure to external networks for all control system devices and/or systems and ensure they are not directly accessible from the Internet.
- Deploy control system networks and remote devices behind barrier devices (e.g., firewalls, data diodes) and isolate them from business networks.
- Remote access to control system networks should be made available on a strict need-to-use basis. Remote access should use secure methods, such as virtual private networks (VPNs), updated to the most current version available.
- Regularly update software and applications to the latest versions available, as applicable.
- Enable audit logs on all devices and applications.
- Disable/deactivate unused communication channels, TCP/UDP ports and services (e.g., SNMP, FTP, BootP, DHCP) on networked devices.
- Create security zones for devices with common security requirements using barrier devices (e.g., firewalls, data diodes).
- Change default passwords following initial startup. Use complex secure passwords or passphrases.
- Perform regular security assessments and risk analysis of networked control systems.
- For additional information, please visit Eaton's cybersecurity website.
Affected Vendors
Eaton
Affected Products (1)
Eaton · Intelligent Power Protector (IPP): versions earlier than 1.69 release 166
Affected Sectors
Multiple Sectors