CVE-2022-31491

Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05
https://www.ready2disclose.com/vpow-31491-43110/

Configurations

No configuration.

History

25 Aug 2025, 20:24

Type	Values Removed	Values Added
Summary		(es) Voltronic Power ViewPower (versión 1.04-24215), ViewPower Pro (versión 2.0-22165) y PowerShield Netguard (versión anterior a 1.04-23292) permiten a un atacante remoto ejecutar código arbitrario a través de una interfaz web no especificada relacionada con la detección del apagado de un SAI administrado. Un atacante no autenticado puede usar esto para ejecutar código arbitrario inmediatamente, independientemente del estado o la presencia del SAI administrado.

22 Aug 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 10.0
CWE		CWE-749 CWE-94

22 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-22 20:15

Updated : 2025-08-25 20:24

NVD link : CVE-2022-31491

Mitre link : CVE-2022-31491

CVE.ORG link : CVE-2022-31491

JSON object : View

Products Affected

No product.

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-749

Exposed Dangerous Method or Function

10.0 /10