Search criteria
14 vulnerabilities found for UPS CS141 by Generex
CVE-2022-47187 (GCVE-0-2022-47187)
Vulnerability from cvelistv5 – Published: 2023-09-28 13:30 – Updated: 2024-09-23 18:54
VLAI?
Title
File upload XSS vulnerability in Generex CS141
Summary
There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ups-cs141",
"vendor": "generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:52:27.863483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:54:02.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-02T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\u003c/p\u003e"
}
],
"value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T13:30:27.188Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\u003c/p\u003e"
}
],
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\n\n"
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"discovery": "EXTERNAL"
},
"title": "File upload XSS vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47187",
"datePublished": "2023-09-28T13:30:27.188Z",
"dateReserved": "2022-12-12T17:08:47.302Z",
"dateUpdated": "2024-09-23T18:54:02.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47186 (GCVE-0-2022-47186)
Vulnerability from cvelistv5 – Published: 2023-09-28 13:26 – Updated: 2024-09-23 18:59
VLAI?
Title
Unrestricted Upload of File vulnerability in Generex CS141
Summary
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
Severity ?
7.5 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ups-cs141",
"vendor": "generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:58:23.012701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:59:29.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-02T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
}
],
"value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T13:32:39.340Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\u003c/p\u003e"
}
],
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\n\n"
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47186",
"datePublished": "2023-09-28T13:26:12.138Z",
"dateReserved": "2022-12-12T17:08:47.302Z",
"dateUpdated": "2024-09-23T18:59:29.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47191 (GCVE-0-2022-47191)
Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:03
VLAI?
Title
Privilege Escalation via file upload vulnerability at Generex CS141
Summary
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
Severity ?
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:03:16.341369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:03:20.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation via file upload vulnerability at Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47191",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-11T19:03:20.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47188 (GCVE-0-2022-47188)
Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:52
VLAI?
Title
Improper Input Validation in Generex CS141
Summary
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:52:40.522271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:52:45.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47188",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:52:45.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47192 (GCVE-0-2022-47192)
Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:02
VLAI?
Title
Admin password reset via file upload vulnerability in Generex CS141
Summary
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:02:45.274432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:02:51.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified \"users.json\" to the web server of the device, allowing him to replace the administrator password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Admin password reset via file upload vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47192",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-11T19:02:51.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47190 (GCVE-0-2022-47190)
Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:08
VLAI?
Title
RCE via file upload vulnerability in Generex CS141
Summary
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
Severity ?
10 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:08:01.603426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:08:06.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "RCE via file upload vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47190",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-11T19:08:06.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47189 (GCVE-0-2022-47189)
Vulnerability from cvelistv5 – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:51
VLAI?
Title
DoS via file upload vulnerability at Generex CS141
Summary
Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:49:43.013708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:51:18.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "DoS via file upload vulnerability at Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47189",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:51:18.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47187 (GCVE-0-2022-47187)
Vulnerability from nvd – Published: 2023-09-28 13:30 – Updated: 2024-09-23 18:54
VLAI?
Title
File upload XSS vulnerability in Generex CS141
Summary
There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.
Severity ?
5.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ups-cs141",
"vendor": "generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:52:27.863483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:54:02.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-02T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\u003c/p\u003e"
}
],
"value": "There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T13:30:27.188Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\u003c/p\u003e"
}
],
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022.\n\n"
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"discovery": "EXTERNAL"
},
"title": "File upload XSS vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47187",
"datePublished": "2023-09-28T13:30:27.188Z",
"dateReserved": "2022-12-12T17:08:47.302Z",
"dateUpdated": "2024-09-23T18:54:02.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47186 (GCVE-0-2022-47186)
Vulnerability from nvd – Published: 2023-09-28 13:26 – Updated: 2024-09-23 18:59
VLAI?
Title
Unrestricted Upload of File vulnerability in Generex CS141
Summary
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
Severity ?
7.5 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:generex:ups-cs141:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ups-cs141",
"vendor": "generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:58:23.012701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:59:29.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-02T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
}
],
"value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T13:32:39.340Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"release-notes"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\u003c/p\u003e"
}
],
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.06, released on April 2022.\n\n"
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"discovery": "EXTERNAL"
},
"title": "Unrestricted Upload of File vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47186",
"datePublished": "2023-09-28T13:26:12.138Z",
"dateReserved": "2022-12-12T17:08:47.302Z",
"dateUpdated": "2024-09-23T18:59:29.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47191 (GCVE-0-2022-47191)
Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:03
VLAI?
Title
Privilege Escalation via file upload vulnerability at Generex CS141
Summary
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
Severity ?
4.3 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:03:16.341369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:03:20.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Privilege Escalation via file upload vulnerability at Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47191",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-11T19:03:20.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47188 (GCVE-0-2022-47188)
Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:52
VLAI?
Title
Improper Input Validation in Generex CS141
Summary
There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:52:40.522271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:52:45.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Improper Input Validation in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47188",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:52:45.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47192 (GCVE-0-2022-47192)
Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:02
VLAI?
Title
Admin password reset via file upload vulnerability in Generex CS141
Summary
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:02:45.274432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:02:51.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified \"users.json\" to the web server of the device, allowing him to replace the administrator password."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "Admin password reset via file upload vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47192",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-11T19:02:51.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47190 (GCVE-0-2022-47190)
Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-11 19:08
VLAI?
Title
RCE via file upload vulnerability in Generex CS141
Summary
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
Severity ?
10 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:08:01.603426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:08:06.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "RCE via file upload vulnerability in Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47190",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-11T19:08:06.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47189 (GCVE-0-2022-47189)
Vulnerability from nvd – Published: 2023-03-31 00:00 – Updated: 2025-02-12 14:51
VLAI?
Title
DoS via file upload vulnerability at Generex CS141
Summary
Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
Severity ?
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Credits
Joel Gámez Molina (@JoelGMSec)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:47:29.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-47189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:49:43.013708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:51:18.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "UPS CS141",
"vendor": "Generex",
"versions": [
{
"lessThan": "2.06",
"status": "affected",
"version": "2.06",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joel G\u00e1mez Molina (@JoelGMSec)"
}
],
"datePublic": "2023-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-31T00:00:00.000Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/page:2"
},
{
"url": "https://www.generex.de/support/changelogs/cs141/2-12"
}
],
"solutions": [
{
"lang": "en",
"value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."
}
],
"source": {
"advisory": "INCIBE-2023-0071",
"defect": [
"INC-2021-0055"
],
"discovery": "EXTERNAL"
},
"title": "DoS via file upload vulnerability at Generex CS141",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2022-47189",
"datePublished": "2023-03-31T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:51:18.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}