CVE-2022-43110

EPSS 0.09%
Veröffentlicht 22.08.2025 00:00:00
Zuletzt bearbeitet 25.08.2025 20:24:45
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 3 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.268

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

https://www.ready2disclose.com/vpow-31491-43110/

https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05

https://nvd.nist.gov/vuln/detail/CVE-2022-43110

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-43110

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-43110

EUVD