ICSA-22-130-04  ·  Published 2022-05-10

Eaton Intelligent Power Manager

CVSS 5.2 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code using untrusted data.

CVEs (1)

Remediations

  • Eaton recommends users upgrade to the latest version of Intelligent Power Manager:
      • Eaton IPM: Update to v1.70
  • Eaton recommends users follow the security best practices and configure the logical access mechanisms provided in IPM to safeguard the application from unauthorized access. IPM provides various types of administrative, operational, and configuration privilege levels. Use the available access control mechanisms properly to ensure system and application access is restricted to legitimate users only. Ensure users are restricted to only the privilege levels necessary to complete their job roles/functions.
  • Restrict exposure to external networks for all control system devices and/or systems and ensure they are not directly accessible from the open Internet.
  • Deploy control system networks and remote devices behind barrier devices (e.g., firewalls, data diodes) and isolate them from business networks.
  • Remote access to control system networks should be made available on a strict need-to-use basis. Remote access should use secure methods, such as virtual private networks (VPNs), updated to the most current version available.
  • Regularly update software and applications to the latest versions available, as applicable.
  • Enable audit logs on all devices and applications.
  • Disable/deactivate unused communication channels, TCP/UDP ports and services (e.g., SNMP, FTP, BootP, DHCP, etc.) on networked devices.
  • Create security zones for devices with common security requirements using barrier devices (e.g., firewalls, data diodes).
  • Change default passwords following initial startup. Use complex secure passwords or passphrases.
  • Perform regular security assessments and risk analysis of networked control systems.
  • For additional information, please visit Eaton's cybersecurity website.

Affected Vendors

Eaton

Affected Products (1)

Eaton · Eaton Intelligent Power Manager (IPM) v1 < 1.70

Affected Sectors

Multiple Sectors
