Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for UPS CS141 by Generex

    CVE-2022-47187 (GCVE-0-2022-47187)

    Vulnerability from nvd – Published: 2023-09-28 13:30 – Updated: 2024-09-23 18:54
    VLAI
    Title
    File upload XSS vulnerability in Generex CS141
    Summary
    There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 0 , < 2.06 (custom)
    Create a notification for this product.
    generex ups-cs141 Affected: 0 , < 2.06 (custom)
        cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-03-02 23:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ups-cs141",
                "vendor": "generex",
                "versions": [
                  {
                    "lessThan": "2.06",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47187",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T18:52:27.863483Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T18:54:02.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-02T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\u003c/p\u003e"
                }
              ],
              "value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-28T13:30:27.188Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\n\n"
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "discovery": "EXTERNAL"
          },
          "title": "File upload XSS vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47187",
        "datePublished": "2023-09-28T13:30:27.188Z",
        "dateReserved": "2022-12-12T17:08:47.302Z",
        "dateUpdated": "2024-09-23T18:54:02.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47186 (GCVE-0-2022-47186)

    Vulnerability from nvd – Published: 2023-09-28 13:26 – Updated: 2024-09-23 18:59
    VLAI
    Title
    Unrestricted Upload of File vulnerability in Generex CS141
    Summary
    There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 0 , < 2.06 (custom)
    Create a notification for this product.
    generex ups-cs141 Affected: 0 , < 2.06 (custom)
        cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-03-02 23:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ups-cs141",
                "vendor": "generex",
                "versions": [
                  {
                    "lessThan": "2.06",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47186",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T18:58:23.012701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T18:59:29.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-02T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
                }
              ],
              "value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-28T13:32:39.340Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\n\n"
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47186",
        "datePublished": "2023-09-28T13:26:12.138Z",
        "dateReserved": "2022-12-12T17:08:47.302Z",
        "dateUpdated": "2024-09-23T18:59:29.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47192 (GCVE-0-2022-47192)

    Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:02
    VLAI
    Title
    Admin password reset via file upload vulnerability in Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.346Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:02:45.274432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:02:51.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified \"users.json\" to the web server of the device, allowing him to replace the administrator password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Admin password reset via file upload vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47192",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-11T19:02:51.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47191 (GCVE-0-2022-47191)

    Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:03
    VLAI
    Title
    Privilege Escalation via file upload vulnerability at Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47191",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:03:16.341369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:03:20.719Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation via file upload vulnerability at Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47191",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-11T19:03:20.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47190 (GCVE-0-2022-47190)

    Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:08
    VLAI
    Title
    RCE via file upload vulnerability in Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:08:01.603426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:08:06.211Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RCE via file upload vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47190",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-11T19:08:06.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47189 (GCVE-0-2022-47189)

    Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:51
    VLAI
    Title
    DoS via file upload vulnerability at Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:49:43.013708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T14:51:18.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "DoS via file upload vulnerability at Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47189",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-12T14:51:18.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47188 (GCVE-0-2022-47188)

    Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:52
    VLAI
    Title
    Improper Input Validation in Generex CS141
    Summary
    There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:52:40.522271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T14:52:45.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47188",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-12T14:52:45.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47187 (GCVE-0-2022-47187)

    Vulnerability from cvelistv5 – Published: 2023-09-28 13:30 – Updated: 2024-09-23 18:54
    VLAI
    Title
    File upload XSS vulnerability in Generex CS141
    Summary
    There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 0 , < 2.06 (custom)
    Create a notification for this product.
    generex ups-cs141 Affected: 0 , < 2.06 (custom)
        cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-03-02 23:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.378Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ups-cs141",
                "vendor": "generex",
                "versions": [
                  {
                    "lessThan": "2.06",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47187",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T18:52:27.863483Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T18:54:02.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-02T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThere is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\u003c/p\u003e"
                }
              ],
              "value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-28T13:30:27.188Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\n\n"
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "discovery": "EXTERNAL"
          },
          "title": "File upload XSS vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47187",
        "datePublished": "2023-09-28T13:30:27.188Z",
        "dateReserved": "2022-12-12T17:08:47.302Z",
        "dateUpdated": "2024-09-23T18:54:02.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47186 (GCVE-0-2022-47186)

    Vulnerability from cvelistv5 – Published: 2023-09-28 13:26 – Updated: 2024-09-23 18:59
    VLAI
    Title
    Unrestricted Upload of File vulnerability in Generex CS141
    Summary
    There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 0 , < 2.06 (custom)
    Create a notification for this product.
    generex ups-cs141 Affected: 0 , < 2.06 (custom)
        cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2023-03-02 23:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.482Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ups-cs141",
                "vendor": "generex",
                "versions": [
                  {
                    "lessThan": "2.06",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47186",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T18:58:23.012701Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T18:59:29.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-02T23:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
                }
              ],
              "value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-28T13:32:39.340Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\u003c/p\u003e"
                }
              ],
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\n\n"
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "discovery": "EXTERNAL"
          },
          "title": "Unrestricted Upload of File vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47186",
        "datePublished": "2023-09-28T13:26:12.138Z",
        "dateReserved": "2022-12-12T17:08:47.302Z",
        "dateUpdated": "2024-09-23T18:59:29.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47192 (GCVE-0-2022-47192)

    Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:02
    VLAI
    Title
    Admin password reset via file upload vulnerability in Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.346Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:02:45.274432Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:02:51.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified \"users.json\" to the web server of the device, allowing him to replace the administrator password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Admin password reset via file upload vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47192",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-11T19:02:51.017Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47191 (GCVE-0-2022-47191)

    Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:03
    VLAI
    Title
    Privilege Escalation via file upload vulnerability at Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47191",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:03:16.341369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:03:20.719Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Privilege Escalation via file upload vulnerability at Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47191",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-11T19:03:20.719Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47188 (GCVE-0-2022-47188)

    Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:52
    VLAI
    Title
    Improper Input Validation in Generex CS141
    Summary
    There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47188",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:52:40.522271Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T14:52:45.725Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47188",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-12T14:52:45.725Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47189 (GCVE-0-2022-47189)

    Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:51
    VLAI
    Title
    DoS via file upload vulnerability at Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47189",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-12T14:49:43.013708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-12T14:51:18.859Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "DoS via file upload vulnerability at Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47189",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-12T14:51:18.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-47190 (GCVE-0-2022-47190)

    Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:08
    VLAI
    Title
    RCE via file upload vulnerability in Generex CS141
    Summary
    Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Generex UPS CS141 Affected: 2.06 , < 2.06 (custom)
    Create a notification for this product.
    Date Public
    2023-03-03 00:00
    Credits
    Joel Gámez Molina (@JoelGMSec)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:47:29.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/page:2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.generex.de/support/changelogs/cs141/2-12"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-47190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-11T19:08:01.603426Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-11T19:08:06.211Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UPS CS141",
              "vendor": "Generex",
              "versions": [
                {
                  "lessThan": "2.06",
                  "status": "affected",
                  "version": "2.06",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Joel G\u00e1mez Molina (@JoelGMSec)"
            }
          ],
          "datePublic": "2023-03-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-31T00:00:00.000Z",
            "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
            "shortName": "INCIBE"
          },
          "references": [
            {
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/page:2"
            },
            {
              "url": "https://www.generex.de/support/changelogs/cs141/2-12"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
            }
          ],
          "source": {
            "advisory": "INCIBE-2023-0071",
            "defect": [
              "INC-2021-0055"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "RCE via file upload vulnerability in Generex CS141",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "assignerShortName": "INCIBE",
        "cveId": "CVE-2022-47190",
        "datePublished": "2023-03-31T00:00:00.000Z",
        "dateReserved": "2022-12-12T00:00:00.000Z",
        "dateUpdated": "2025-02-11T19:08:06.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }