Assigner | icscert |
Reserved | 2024-04-29 |
Published | 2024-05-15 |
Updated | 2024-06-04 |
Description
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Problem types
Product status
Any version before 4.9.0
Credits
Amir Preminger and Noam Moshe of Claroty Team82 Research reported these vulnerabilities to CISA.
References
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads