CVE-2024-31856 — HIGH (8.8)

Q: How severe is CVE-2024-31856?

CVE-2024-31856 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-31856?

Check the references section above for vendor advisories and patch information. Affected products include: Cyberpower Powerpanel.

Vulnerability Description

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cyberpower	Powerpanel	<= 4.9.0

Related Weaknesses (CWE)

CWE-89

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01Third Party AdvisoryUS Government Resource
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windowsProduct
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01Third Party AdvisoryUS Government Resource
https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windowsProduct

FAQ

What is CVE-2024-31856?

CVE-2024-31856 is a vulnerability with a CVSS score of 8.8 (HIGH). An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the sy...

How severe is CVE-2024-31856?

CVE-2024-31856 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-31856?

Check the references section above for vendor advisories and patch information. Affected products include: Cyberpower Powerpanel.