7.5
CVE-2024-31409
- EPSS 0.35%
- Veröffentlicht 15.05.2024 20:15:11
- Zuletzt bearbeitet 07.08.2025 19:15:28
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginCyberPower PowerPanel business Incorrect Authorization
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cyberpower ≫ Powerpanel SwEditionbusiness SwPlatformwindows Version <= 4.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.271 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| ics-cert@hq.dhs.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01