CVE-2022-43110

Description

The UPS management software is supposed to only allow a properly authenticated and authorized admin user using a web interface to configure the system. An unauthenticated remote attacker can make changes to the system including: changing the web interface admin password, view/change system configuration, enumerate connected UPS devices and shut down connected UPS devices.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-05

Details

Source: Mitre, NVD