CVE-2022-43110
Published 2025-08-22
Priority: P267, critical, 9.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% (45.0th percentile)
Voltronic Power ViewPower through 1.04-21353 and PowerShield Netguard before 1.04-23292 allows a remote attacker to configure the system via an unspecified web interface. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices. This extends to being able to configure operating system commands that should run if the system detects a connected UPS shutting down.
Detection & IOCs
- Unauthenticated forced browsing against the Voltronic Power ViewPower / PowerShield NetGuard web interface allows an attacker to change the admin password, view/change system configuration, enumerate connected UPS devices, and shut down connected UPS devices; no credentials are required.
- The vulnerability class is CWE-425 (Direct Request / Forced Browsing) against the UPS management web interface; monitor for unauthenticated HTTP requests to administrative endpoints that would normally require authentication.
- No public exploitation of CVE-2022-43110 has been reported to CISA at time of advisory publication; threat remains theoretical but critical (CVSS v3.1 9.8).
- Voltronic Power has not engaged with CISA on mitigations; only PowerShield NetGuard 1.04-23292 and later has a vendor-confirmed fix. ViewPower and ViewPower Pro remain unpatched by the vendor.
- The advisory also covers a related but distinct RCE vulnerability (CVE-2022-31491, CVSS 10.0) involving an unauthenticated exposed OS-command execution function; ensure detections cover both CVEs when monitoring this software.
GHSA
GHSA-fg3v-43xx-v788: Voltronic Power ViewPower through 1
ghsa_unreviewed·2025-08-22
CVE-2022-43110 [CRITICAL] CWE-284 GHSA-fg3v-43xx-v788: Voltronic Power ViewPower through 1
CISA ICS
Voltronic Power and PowerShield UPS Monitoring Software
cisa_ics·2025-07-01·CVSS 10.0
[CRITICAL] Voltronic Power and PowerShield UPS Monitoring Software
ICS Advisory
## Voltronic Power and PowerShield UPS Monitoring Software
Release Date: July 01, 2025
Alert Code: ICSA-25-182-05
## 1. EXECUTIVE SUMMARY
- CVSS v4 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Voltronic Power, PowerShield
- Equipment: Viewpower, NetGuard
- Vulnerabilities: Exposed Dangerous Method or Function, Forced Browsing
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Voltro
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.