68 matches found
EUVD-2025-210079
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...
CVE-2025-71318 NetMan 204 Missing Authentication for Administrative Functions
NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...
PT-2026-47014
Name of the Vulnerable Software and Affected Versions NetMan 204 affected versions not specified Description Authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly request pages such as 'administration.html',...
EUVD-2026-22837
It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application
It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
PT-2026-33005
It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
CVE-2026-26034
UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...
PT-2026-23127
Name of the Vulnerable Software and Affected Versions UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 Description The UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 has an issue related to incorrect default permissions. This allows an attacker to execute arbitrary code...
PT-2026-23126
Name of the Vulnerable Software and Affected Versions UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 Description The UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element issue. This allows a user with write access to a directory on...
Dell UPS Multi-UPS Management Console 安全漏洞
Dell UPS Multi-UPS Management Console is an uninterruptible power supply management software developed by the American company Dell. Version 01.06.0001 of Dell UPS Multi-UPS Management Console contains a security vulnerability. This vulnerability arises from incorrect default permissions, which...
CVE-2021-22811
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply UP...
CVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2025-59888
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2025-59887
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
PT-2025-53452
Name of the Vulnerable Software and Affected Versions Eaton UPS Companion software affected versions not specified Description A flaw exists in the Eaton UPS Companion software installer related to improper authentication of library files. This could allow an attacker who has access to the softwa...
CVE-2025-13053
When a user configures the NAS to retrieve UPS status or control the UPS, a non-enforced TLS certificate verification can allow an attacker able to intercept network traffic between the client and server can perform a man-in-the-middle MITM attack, which may obtain the sensitive information of th...
PT-2025-50803
Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.RKD2 ADM versions 5.0.0 through 5.1.0.RN42 Description A weakness exists where a non-enforced TLS certificate verification can allow an attacker intercepting network traffic to perform a man-in-the-middle MITM...
CVE-2025-41703
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command...