Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CyberPower PowerPanel Business

🗓️ 02 May 2024 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType 
ics
 ics🔗 www.cisa.gov👁 76 Views

CyberPower PowerPanel vulnerability. CVSS v3 9.8. Hard-coded credentials, relative path traversal, SQL injection. Successful exploitation could result in authentication bypass, administrator privileges, and code execution. Affected version: PowerPanel 4.9.0 and earlier

Related
Refs
ReporterTitlePublishedViews
Family
BDU FSTEC		The vulnerability of the PowerPanel Business’s monitoring and management system for power sources involves insufficient protection of operational data during code debugging. This allows attackers to gain unauthorized access to account information and increase their privileges.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business’s monitoring and control system regarding authentication procedures allows unauthorized access by intruders to protected information.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business monitoring and power source management system lies in the use of a strictly encrypted cryptographic key. This allows attackers to impersonate other users and send malicious data into the system.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business’s monitoring and power source management system lies in the lack of measures to protect the SQL query structure. This allows attackers to execute arbitrary SQL code and write arbitrary files.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business’s monitoring and management system for uninterruptible power sources lies in the storage of passwords in a recoverable format, which allows an intruder to gain unauthorized access to protected information.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business monitoring and power source management system, related to the use of strictly encrypted account data, allows a intruder to gain unauthorized access to protected information and enhance their privileges.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business monitoring and power source management system, related to errors in processing the relative path to the catalog, allows a perpetrator to execute arbitrary code.
6 May 202400:00
bdu_fstec
BDU FSTEC		The vulnerability of the PowerPanel Business monitoring and power source management system, related to the use of pre-installed account data, allows a perpetrator to increase their privileges.
6 May 202400:00
bdu_fstec
Circl		CVE-2024-31409
7 Aug 202518:54
circl
CNNVD		Cyber Power Systems PowerPanel Business Edition 安全漏洞
15 May 202400:00
cnnvd
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 May 2024 06:00Current
8.8High risk
Vulners AI Score8.8
CVSS 3.18.8 - 9.8
EPSS0.00618
SSVC
cyberpower powerpanelvulnerabilitycvss v3hard-coded credentialsrelative path traversalsql injectionauthentication bypassadministrator privilegescode executionpowerpanel 4.9.0
76