Eaton Intelligent Power Manager Infrastructure

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code using untrusted data.

CVEs (3)

Remediations

• The product has reached its End Of Life, the notification has been posted at: Lifecycle Notification. The transition to IPM Monitor Edition is in progress. Refer the Product page for further details.
• Until the transition is complete, Eaton recommends the below guidelines should be followed.
• To prevent the exploitation of the issues and safeguard the software from malicious entities, ensure access to the system is provided to the known users and the credentials are secured.
• Eaton recommends users follow the security best practices and configure the logical access mechanisms provided in IPM to safeguard the application from unauthorized access. IPM provides various types of administrative, operational, configuration privilege levels. Use the available access control mechanisms properly to ensure system and application access is restricted to legitimate users only. Ensure users are restricted to only the privilege levels necessary to complete their job roles/functions.
• Restrict exposure to external networks for all control system devices and/or systems and ensure they are not directly accessible from the open Internet.
• Deploy control system networks and remote devices behind barrier devices (e.g. firewalls, data diodes) and isolate them from business networks.
• Remote access to control system networks should be made available on a strict need-to-use basis. Remote access should use secure methods, such as virtual private networks (VPNs), updated to the most current version available.
• Regularly update software and applications to latest versions available, as applicable.
• Enable audit logs on all devices and applications.
• Disable/deactivate unused communication channels, TCP/UDP ports and services (e.g., SNMP, FTP, BootP, DHCP, etc.) on networked devices.
• Create security zones for devices with common security requirements using barrier devices (e.g., firewalls, data diodes).
• Change default passwords following initial startup. Use complex secure passwords or passphrases.
• Perform regular security assessments and risk analysis of networked control systems.
• For additional information, please visit Eaton's cybersecurity website.

Affected Vendors

Affected Products (1)

Affected Sectors

Multiple Sectors