CVE-2022-31491
Published 2025-08-22
Priority: P2 68 · Severity: critical · CVSS 3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.75% (50.3th percentile)
Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence.
Detection & IOCs (extracted from sources)
- A critical underlying function related to OS command execution on UPS shutdown is exposed over the network with no authentication or authorization; detect unauthenticated HTTP requests to the web interface that trigger this function.
- Monitor for unauthenticated remote requests to the UPS management web interface that result in OS command execution, configuration changes, admin password changes, or UPS enumeration/shutdown, all without prior authentication.
- The vulnerability is described only as 'an unspecified web interface' endpoint; no specific URL path, port, parameter, or network signature has been publicly disclosed for CVE-2022-31491.
- No known public exploitation or proof-of-concept has been reported; no hashes, domains, IPs, or specific attack tooling are available in the public sources.
- Voltronic Power has not responded to CISA remediation requests; no vendor patch exists for ViewPower or ViewPower Pro as of the advisory date.
CISA ICS
Voltronic Power and PowerShield UPS Monitoring Software
cisa_ics · 2025-07-01 · CVSS 10.0 · CRITICAL
ICS Advisory
## Voltronic Power and PowerShield UPS Monitoring Software
Release Date: July 01, 2025
Alert Code: ICSA-25-182-05
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Voltronic Power, PowerShield
- Equipment: Viewpower, NetGuard
- Vulnerabilities: Exposed Dangerous Method or Function, Forced Browsing
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Voltro
GHSA
GHSA-hxp2-x3ch-hv5v: Voltronic Power ViewPower through 1
ghsa_unreviewed · 2025-08-22
CVE-2022-31491 [CRITICAL] CWE-94
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.