Eaton’s IPM solution is designed to ensure system uptime and data integrity by allowing organizations to remotely monitor, manage and control the uninterruptible power supply (UPS) devices on their network.

According to security advisories published this month by Eaton and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the IPM product is affected by six high-severity vulnerabilities that can be exploited for SQL injection, command execution, deleting arbitrary files, uploading arbitrary files, and remote code execution.

While some of the vulnerabilities can only be exploited by an authenticated attacker, others can be exploited without authentication, including for arbitrary code execution.