CVE-2024-31856

Published May 15, 2024

Last updated 6 months ago

CVSS high 8.8

Overview

Description
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
Source
ics-cert@hq.dhs.gov
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

ics-cert@hq.dhs.gov
CWE-89

Social media

Hype score
Not currently trending

References