Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

Tinycontrol多款产品 安全漏洞

Tinycontrol tcPDU is a product of the Polish company Tinycontrol. Tinycontrol tcPDU is a network distribution unit. Tinycontrol LAN Controllers LK3.5 is a device for remote monitoring and control of environmental parameters. Tinycontrol LAN Controllers LK3.9 is also a device for remote monitoring...

Hitachi SuprOS security vulnerabilities

Hitachi SuprOS is a centralized management system for power distribution automation and communication devices developed by Hitachi, a Japanese company. Hitachi SuprOS has a security vulnerability, which stems from the presence of default credentials. This vulnerability could allow authenticated...

CVE-2021-22811

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause script execution when the request of a privileged account accessing the vulnerable web page is intercepted. Affected Products: 1-Phase Uninterruptible Power Supply UP...

CVE-2021-22810

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...

CVE-2022-33175

Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/getparam.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrator...

EUVD-2007-6194

Malware in sbrugna...

EUVD-2022-36219

Malicious code in bioql PyPI...

EUVD-2021-9949

Malicious code in bioql PyPI...

EUVD-2021-9945

Malicious code in bioql PyPI...

DuraComm SPM-500 DP-10iN-100-MU 访问控制错误漏洞

The DuraComm SPM-500 DP-10iN-100-MU is a DC power distribution panel from DuraComm, Inc. An access control error vulnerability exists in the DuraComm SPM-500 DP-10iN-100-MU, which stems from functional access control that lacks user authentication, and could cause an attacker to repeatedly reboot...

DuraComm SPM-500 DP-10iN-100-MU 跨站脚本漏洞

The DuraComm SPM-500 DP-10iN-100-MU is a DC power distribution panel from DuraComm USA. A cross-site scripting vulnerability exists in the DuraComm SPM-500 DP-10iN-100-MU, which stems from susceptibility to cross-site scripting attacks that could prevent a legitimate user from accessing the web...

DuraComm SPM-500 DP-10iN-100-MU 安全漏洞

The DuraComm SPM-500 DP-10iN-100-MU is a DC power distribution panel from DuraComm USA. A security vulnerability exists in the DuraComm SPM-500 DP-10iN-100-MU that originates from the unencrypted transmission of sensitive data that could be intercepted by an attacker...

CVE-2022-33174

Power Distribution Units running on Powertek firmware multiple brands before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...

Sentry Switched CDU Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...

ATEN International PE6208 安全漏洞

The ATEN International PE6208 is a power distribution unit from China-based ATEN Automation Technology ATEN International. A security vulnerability exists in the ATEN International PE6208 version 2.3.228, version 2.4.232, which originates from incorrect access control in the log management functi...

Cyber Power Systems PowerPanel Business Edition 安全漏洞

Cyber Power Systems PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures, and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distribution Units. ...

Siemens SENTRON 3KC ATC6 Ethernet Module Hidden Function Vulnerability

The Siemens SENTRON 3KC ATC6 Expansion Module is a power distribution protection device from Siemens, Germany, for monitoring and protecting power systems. A hidden function vulnerability exists in the Siemens SENTRON 3KC ATC6 Ethernet Module due to affected devices exposing unused and unstable...

Schneider Electric EcoStruxure Power Monitoring Expert Open Redirection Vulnerability

Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric, France, for power distribution monitoring in IoT environments. The Schneider Electric EcoStruxure Power Monitoring Expert suffers from an open redirection vulnerability, which stems from the system not...

Data Center Vulnerabilities a Ticking Time Bomb for Cloud Services

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Several flaws in critical data center infrastructure management systems and power distribution units pose a significant risk to cloud-based services. CyberPowers PowerPanel Enterprise has four...