Lucene search
K
VoltronicpowerViewpower

22 matches found

CVE
CVE
added 2024/05/03 2:15 a.m.71 views

CVE-2023-51593

Voltronic Power ViewPower Pro is affected by a remote code execution due to a Struts2 expression language injection flaw. The vulnerability allows unauthenticated attackers to execute arbitrary code in the context of LOCAL SERVICE. Root cause: a vulnerable expression language handling in a Struts...

9.8CVSS9.9AI score0.01603EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.68 views

CVE-2023-51590

CVE-2023-51590 affects Voltronic Power ViewPower Pro. The vulnerability is an unrestricted file upload in the UpLoadAction class, caused by insufficient validation of user-supplied data. This allows remote attackers to upload arbitrary files and execute code with LOCAL SERVICE privileges, without...

9.8CVSS9.8AI score0.01483EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.66 views

CVE-2023-51574

CVE-2023-51574 — Voltronic Power ViewPower authentication bypass . Affected software: Voltronic Power ViewPower (monitoring/management software for solar inverters). Vulnerability: The flaw exists in the updateManagerPassword method where a dangerous function is exposed, enabling remote attackers...

9.8CVSS9.5AI score0.01553EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.64 views

CVE-2023-51591

This CVE affects Voltronic Power ViewPower Pro, where the doDocument method improperly restricts XML External Entity (XXE) references, allowing an attacker to craft a document that causes the XML parser to fetch a URI and embed its contents back into the XML for processing. The vulnerability can ...

7.5CVSS6.2AI score0.01108EPSS
CVE
CVE
added 2024/04/01 9:18 p.m.62 views

CVE-2023-51572

Voltronic Power ViewPower Pro is affected by CVE-2023-51572 due to an OS command injection in getMacAddressByIP. The flaw stems from insufficient validation of a user-supplied string before it is used to execute a system call, enabling remote code execution with SYSTEM privileges without authenti...

9.8CVSS10AI score0.38423EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.61 views

CVE-2023-51588

CVE-2023-51588 involves Voltronic Power ViewPower Pro with a MySQL configuration flaw caused by hard-coded credentials. The vulnerability enables local privilege escalation, allowing an attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary code within that context. ...

7.8CVSS7.8AI score0.00234EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.61 views

CVE-2023-51595

Vulnerability (CVE-2023-51595) : Voltronic Power ViewPower Pro is affected by a SQL injection in the selectDeviceListBy method. The flaw stems from insufficient validation of a user-supplied string used to build SQL queries, allowing an attacker to execute arbitrary code in the context of LOCAL S...

9.8CVSS9.9AI score0.48168EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.60 views

CVE-2023-51575

CVE-2023-51575 concerns Voltronic Power ViewPower MonitorConsole, where an exposed dangerous method in the MonitorConsole class enables remote code execution with no authentication. Documents confirm RCE context and lack of required privileges, affecting Voltronic Power ViewPower installations, b...

9.8CVSS9.8AI score0.01483EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.59 views

CVE-2023-51584

CVE-2023-51584 affects Voltronic Power ViewPower Pro. The vulnerability is in the shutdown/Shutdown method which exposes a dangerous method, enabling remote code execution in the context of the current user. An attacker must have user interaction (an administrator must trigger the shutdown operat...

8.8CVSS8.9AI score0.01127EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.59 views

CVE-2023-51587

CVE-2023-51587 relates to Voltronic Power ViewPower, where the vulnerable component is the getModbusPassword method. The root cause is a lack of authentication before accessing this functionality, enabling remote attackers to disclose stored credentials. The issue is documented across multiple so...

7.5CVSS7.3AI score0.36038EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.57 views

CVE-2023-51586

Voltronic Power ViewPower Pro is affected by a SQL injection in the selectEventConfig method, allowing remote code execution with no authentication. The flaw arises from unsafely using a user-supplied string to construct SQL queries, enabling code execution in the context of LOCAL SERVICE. Docume...

9.8CVSS9.9AI score0.01331EPSS
CVE
CVE
added 2024/04/01 9:17 p.m.56 views

CVE-2023-51571

CVE-2023-51571 : In Voltronic Power ViewPower Pro, the SocketService has missing authentication, allowing remote attackers to trigger a denial-of-service. The flaw resides in the SocketService component (UDP 41222 by default); no authentication precedes access to functionality, enabling an unauth...

7.5CVSS7.8AI score0.00667EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.56 views

CVE-2023-51582

Affected product: Voltronic Power ViewPower, specifically the LinuxMonitorConsole component. Vulnerability summary: An exposed dangerous method in LinuxMonitorConsole allows remote attackers to execute arbitrary code, without authentication, in the context of the current user. This is described a...

9.8CVSS9.8AI score0.01483EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.55 views

CVE-2023-51585

CVE-2023-51585 affects Voltronic Power ViewPower Pro (USBCommEx shutdown) where the shutdown method uses a user-supplied string in a system call without proper validation, enabling remote code execution in the context of the current user. Exploitation requires administrator-triggered shutdown and...

8.8CVSS9.1AI score0.01396EPSS
CVE
CVE
added 2024/04/01 9:18 p.m.54 views

CVE-2023-51573

Voltronic Power ViewPower Pro is affected by CVE-2023-51573. The flaw resides in the updateManagerPassword function, where exposure of a dangerous function enables an unauthenticated attacker to bypass authentication remotely. Products and advisories consistently cite an authentication bypass wit...

9.8CVSS9.7AI score0.45744EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.52 views

CVE-2023-51581

CVE-2023-51581 affects Voltronic Power ViewPower, specifically the MacMonitorConsole class, where an exposed dangerous method enables remote code execution with no authentication. The ZDI advisory and NVD/NVD-derived metrics indicate a high-severity, remote code execution vulnerability (CVSSv3.0:...

9.8CVSS9.8AI score0.01483EPSS
CVE
CVE
added 2024/04/01 9:14 p.m.51 views

CVE-2023-51570

CVE-2023-51570 affects Voltronic Power ViewPower Pro. The vulnerability exists in the RMI interface (defaults to TCP port 41009) where untrusted data is deserialized without proper validation, enabling remote code execution in the context of SYSTEM. The entry is supported by multiple sources (ZDI...

9.8CVSS9.9AI score0.0104EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.48 views

CVE-2023-51576

Summary: CVE-2023-51576 affects Voltronic Power ViewPower. The vulnerability exists in the RMI interface listening by default on TCP port 51099 and stems from improper validation of user-supplied data, allowing deserialization of untrusted data and resulting in remote code execution in the contex...

9.8CVSS9.8AI score0.01549EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.48 views

CVE-2023-51579

CVE-2023-51579 affects Voltronic Power ViewPower. Root cause: incorrect permissions on folders in the product installer, enabling local privilege escalation to SYSTEM when an attacker can execute low-privileged code. Exploitation is local with low complexity and no user interaction; no patch/vers...

7.8CVSS7.8AI score0.00234EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.46 views

CVE-2023-51583

CVE-2023-51583 affects Voltronic Power ViewPower; the flaw is in the UpsScheduler class due to an exposed dangerous method, enabling remote code execution with SYSTEM context. It requires no authentication and is exploitable over the network (per ZDI advisory). The available documents confirm the...

9.8CVSS9.8AI score0.01483EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.45 views

CVE-2023-51577

Voltronic Power ViewPower contains a local privilege escalation in the setShutdown method. The flaw arises from an exposed dangerous method that allows a low-privileged attacker who can run code locally to escalate to SYSTEM and execute arbitrary code. This is documented across multiple sources (...

7.8CVSS7.8AI score0.0031EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.43 views

CVE-2023-51578

CVE-2023-51578 affects Voltronic Power ViewPower MonitorConsole. The flaw is an exposed dangerous method in the MonitorConsole class enabling remote DoS without authentication. Public sources (ZDI-23-1884) confirm the issue, but no concrete remediation/version fix is provided in the connected doc...

7.5CVSS7.5AI score0.01283EPSS