CRITICAL🇵🇱 Wersja polska

CVE-2022-43110

CVSS 9.8v3.1pub. 2025-08-22upd. 2026-04-15

Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.

🤖 AI Analysis
How it works

A remote attacker can gain access to the web interface without authentication and perform privileged administrative operations on it. The vulnerability results from a lack of access control (CWE-284, CWE-306) and the ability to directly invoke protected resources without authorization (CWE-425). An attacker can, among other things, change the administrator password, view and modify system configuration, detect connected UPS devices, remotely disable them, and configure operating system commands executed in response to UPS events.

Impact

An attacker can gain full control over the UPS management system, including blocking administrator access, disabling connected UPS devices, and executing arbitrary operating system commands — which may lead to power supply disruptions and serious critical infrastructure disturbances.

Mitigation & patch

PowerShield Netguard should be updated to version 1.04-23292 or later. For Voltronic Power ViewPower, patches available from the manufacturer should be applied according to references. It is also recommended to restrict access to the web interface only to trusted networks and to apply a firewall blocking access from the Internet.

Who is affected

Voltronic Power ViewPower in versions up to 1.04-21353 (inclusive) and PowerShield Netguard in versions before 1.04-23292

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References