CVE-2022-43110

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05
https://www.ready2disclose.com/vpow-31491-43110/

Configurations

No configuration.

History

No history.

Information

Published : 2025-08-22 20:15

Updated : 2025-08-25 20:24

NVD link : CVE-2022-43110

Mitre link : CVE-2022-43110

CVE.ORG link : CVE-2022-43110

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

CWE-306

Missing Authentication for Critical Function

CWE-425

Direct Request ('Forced Browsing')

{"id": "CVE-2022-43110", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-08-22T20:15:31.777", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05", "source": "[email protected]"}, {"url": "https://www.ready2disclose.com/vpow-31491-43110/", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down."}, {"lang": "es", "value": "Voltronic Power ViewPower (versi\u00f3n 1.04-21353) y PowerShield Netguard (versi\u00f3n anterior a 1.04-23292) permiten a un atacante remoto configurar el sistema mediante una interfaz web no especificada. Un atacante remoto no autenticado puede realizar cambios en el sistema, como cambiar la contrase\u00f1a de administrador de la interfaz web, ver/modificar la configuraci\u00f3n del sistema, enumerar y apagar los dispositivos UPS conectados. Esto incluye la posibilidad de configurar los comandos del sistema operativo que deben ejecutarse si el sistema detecta que un UPS conectado se apaga."}], "lastModified": "2025-08-25T20:24:45.327", "sourceIdentifier": "[email protected]"}