CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26033

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Unquoted Search Path or Element CWE-428 vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26034

The CVE concerns UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The issue is an Incorrect Default Permissions (CWE-276) that enables arbitrary code execution with SYSTEM privileges by loading a specially crafted DLL. According to the provided metrics, it is a Local attack with LOW att...

CVE-2026-26034

UPS Multi-UPS Management Console MUMC version 01.06.0001 A03 contains an Incorrect Default Permissions CWE-276 vulnerability that allows an attacker to execute arbitrary code with SYSTEM privileges by causing the application to load a specially crafted DLL...

CVE-2026-26033

The advisory concerns CVE-2026-26033 affecting UPS Multi-UPS Management Console (MUMC) v01.06.0001 (A03). The vulnerability is CWE-428 Unquoted Search Path/Element, allowing a user with write access to a system drive directory to execute arbitrary code with SYSTEM privileges. Affected component i...

CVE-2025-9818

CVE-2025-9818 describes a CWE-428 issue in the UPS management application from OMRON SOCIAL SOLUTIONS Co., Ltd. where Windows service executable paths are not quoted, enabling potential unauthorized file execution with service privileges if the install path contains spaces. Supported by multiple ...

Exploit for CVE-2022-31491

CVE-2022-31491 Metasploit module and PoC are coming. Further...

PT-2025-27563

Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower versions through 1.04-24215 Voltronic Power ViewPower Pro versions through 2.0-22165 PowerShield Netguard versions prior to 1.04-23292 Description: The software allows a remote attacker to run arbitrary code via an...

Cyber Power Systems PowerPanel Business Edition 安全漏洞

Cyber Power Systems PowerPanel Business Edition is a suite of power management software from Cyber Power Systems, USA. The software automates the shutdown of physical and virtual infrastructures, and monitors and manages CyberPower UPS systems and network-connected PDUs Power Distribution Units. ...

Voltronic Power ViewPower Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function, Exposed Dangerous Method or Function, OS Command...

Vertiv UPS Management Module FTP Service Arbitrary File Modification Vulnerability

Vertiv Technologies Limited Vertiv, was founded in 2000. Vertiv designs, manufactures and provides services for critical infrastructure equipment to keep data centers, communication networks, commercial and industrial facilities running well, and provides power supply and distribution, thermal...

Command Execution Vulnerability in SSH of UPS Management Module at VitiTech Ltd.

VitiTech is an uninterruptible power supply, automation control equipment and industrial battery company. A command execution vulnerability exists in SSH, the UPS management module of Verti Technologies Ltd. The vulnerability can be exploited to remotely execute system shell commands bypassing...

NetMan 204 - Backdoor Account

NetMan 204 - Backdoor Account NetMan 204 - Backdoor Account Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NetMan 204 Vendor: http://www.riello-ups.com Product URL: http://www.riello-ups.com/products/4-software-connectivity/85-netman-204 Quick Reference Installation Manual :...

HP Power Manager Administration Web Server Stack Buffer Overflow (CVE-2010-4113)

HP Power Manager is a web-based application for managing a HP Uninterruptible Power System UPS. The web management console allows users to monitor, manage, and control a single UPS locally and remotely. A buffer overflow vulnerability exists within HP Power Manager. The vulnerability is due to a...