CRITICAL🇵🇱 Wersja polska

CVE-2023-51575

CVSS 9.8v3.0pub. 2024-05-03upd. 2025-07-09

Voltronic Power ViewPower MonitorConsole Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MonitorConsole class. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22011.

🤖 AI Analysis
How it works

The flaw results from exposing a dangerous method in the MonitorConsole class of the ViewPower application (CWE-749 — Exposed Dangerous Method or Function). An attacker can invoke this method remotely over the network without any authentication. Successful exploitation of the vulnerability allows code execution in the context of the currently logged-in user running the application. The vulnerability was identified by Zero Day Initiative as ZDI-CAN-22011.

Impact

An attacker can remotely execute arbitrary code (RCE) on the affected system, gaining full control over the environment in the context of the current user's privileges, which may lead to violations of system confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Additionally, it is recommended to restrict network access to the MonitorConsole interface using a firewall and isolate UPS management systems from untrusted network segments.

Who is affected

Voltronic Power ViewPower — versions indicated in the manufacturer's references and in the Zero Day Initiative advisory (ZDI-23-1881)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Voltronicpower Viewpower

    APP
    Voltronicpower
    1.04.21353
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-51581CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez odsłoniętą niebezpieczną metodę klasy MacMonitorConsole

CVE-2023-51582CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — RCE przez wystawioną niebezpieczną metodę LinuxMonitorConsole

CVE-2023-51576CRITICAL9.8PL ✓ten sam produkt

RCE przez deserializację w Voltronic Power ViewPower (port TCP 51099)

CVE-2023-51574CRITICAL9.8PL ✓ten sam produkt

Voltronic Power ViewPower — pominięcie uwierzytelnienia przez exposed dangerous method

CVE-2023-51583CRITICAL9.8PL ✓ten sam produkt

RCE w Voltronic Power ViewPower — odsłonięta niebezpieczna metoda UpsScheduler