Voltronic Power Viewpower Pro vulnerabilities
10 known vulnerabilities affecting voltronic_power/viewpower_pro.
Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 3
Vulnerabilities
CVE-2023-51573 | P1 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-04-01
CVE-2023-51573 [CRITICAL] CWE-749 CVE-2023-51573: Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass
Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the update
nvd
CVE-2023-51572 | P1 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-04-01
CVE-2023-51572 [CRITICAL] CWE-78 CVE-2023-51572: Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerabilit
Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the getMacAddressByIP f
nvd
CVE-2023-51595 | P1 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-05-03
CVE-2023-51595 [CRITICAL] CWE-89 CVE-2023-51595: Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability.
Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the selectDeviceListBy meth
nvd
CVE-2023-51590 | P2 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-05-03
CVE-2023-51590 [CRITICAL] CWE-434 CVE-2023-51590: Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerabil
Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the UpLoadAction cla
nvd
CVE-2023-51570 | P2 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-04-01
CVE-2023-51570 [CRITICAL] CWE-502 CVE-2023-51570: Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability.
Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the RMI interface, which
nvd
CVE-2023-51586 | P2 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-05-03
CVE-2023-51586 [CRITICAL] CWE-89 CVE-2023-51586: Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. T
Voltronic Power ViewPower Pro selectEventConfig SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the selectEventConfig metho
nvd
CVE-2023-51593 | P2 | CRITICAL | CVSS 9.8 | v2.0-22165 | 2024-05-03
CVE-2023-51593 [CRITICAL] CWE-917 CVE-2023-51593: Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. Thi
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Struts2 dependency. The
nvd
CVE-2023-51591 | P3 | HIGH | CVSS 7.5 | v2.0-22165 | 2024-05-03
CVE-2023-51591 [HIGH] CWE-611 CVE-2023-51591: Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulne
Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the doDocum
nvd
CVE-2023-51588 | P3 | HIGH | CVSS 7.8 | v2.0-22165 | 2024-05-03
CVE-2023-51588 [HIGH] CWE-798 CVE-2023-51588: Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnera
Voltronic Power ViewPower Pro MySQL Use of Hard-coded Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Voltronic Power ViewPower Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this v
nvd
CVE-2023-51571 | P3 | HIGH | CVSS 7.5 | v2.0-22165 | 2024-04-01
CVE-2023-51571 [HIGH] CWE-306 CVE-2023-51571: Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability.
Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the SocketServic
nvd