Eaton Intelligent Power Protector — known CVE vulnerabilities
Every CVE whose affected-product data names Eaton Intelligent Power Protector, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2021-23278 — CVSS 8.7 (high): Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to…
CVE-2021-23277 — CVSS 8.3 (high): Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not…
CVE-2021-23279 — CVSS 8.0 (high): Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to…
CVE-2021-23280 — CVSS 8.0 (high): Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js…
CVE-2026-22619 — CVSS 7.8 (high): Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code…
CVE-2021-23276 — CVSS 7.1 (high): Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated SQL injection. A malicious user can send a specially…
CVE-2026-22616 — CVSS 6.5 (medium): Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to…
CVE-2026-22615 — CVSS 6.0 (medium): Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin…
CVE-2026-22618 — CVSS 5.9 (medium): A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an…
CVE-2026-22617 — CVSS 5.7 (medium): Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept…
CVE-2021-23288 — CVSS 5.6 (medium): The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access…
CVE-2021-23283 — CVSS 5.2 (medium): Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to…