CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities

February 2, 2024 - Tenable attempts to establish a security contact with the vendor.
February 7, 2024 - Tenable discloses issues to vendor.
March 18, 2024 - Vendor states test version should be available by early April.
March 28, 2024 - Vendor states test version is targeted for week of April 15.
April 15, 2024 - Vendor provides Tenable with preview release.
April 16, 2024 - Tenable provides feedback of preview release to vendor.
April 17, 2024 - Tenable requests clarification from vendor regarding patch functionality.
April 19, 2024 - Vendor requests clarification on disclosure date.
April 22, 2024 - Vendor requests disclosure deadline extension.
May 9, 2024 - Vendor releases patch ahead of coordinated disclosure date.


This Cyber News was published on www.tenable.com. Publication date: Thu, 09 May 2024 14:55:09 +0000


Cyber News related to CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities

CVE-2023-25133 - Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 ...
1 year ago
CVE-2023-25132 - Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for ...
1 year ago
CVE-2023-25131 - Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel ...
1 year ago
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
2 months ago Cyberdefensemagazine.com
CVE-2024-32739 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
7 months ago Tenable.com
CVE-2024-32738 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
7 months ago Tenable.com
CVE-2024-32737 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
7 months ago Tenable.com
CVE-2024-32736 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
7 months ago Tenable.com
CVE-2024-32735 - CVE-2024-32735 - Missing Authentication for Critical Function (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)An unauthenticated remote attacker can access the PDNU REST APIs. For example, the attacker can fetch sensitive information (i.e., login ...
7 months ago Tenable.com
CVE-2020-8023 - A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Point of ...
4 years ago
CMDB: Device Visibility for Bank Security - Let us see how a device visibility and control software functions to automatically alert when a rogue or unauthorized device enters your network. Device visibility and control is a cybersecurity concept that refers to the ability to discover, ...
11 months ago Feeds.dzone.com
CVE-2023-3265 - An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable ...
1 year ago
Network Protection: How to Secure a Network - Network security protects and monitors the links and the communications within the network using a combination of hardware, software, and enforced policies. Best practices for network security directly counter the major threats to the network with ...
7 months ago Esecurityplanet.com
Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike - The notorious unit of Russia's GRU military intelligence agency known as Sandworm remains the only team of hackers to have ever triggered blackouts with their cyberattacks, turning off the lights for hundreds of thousands of Ukrainian civilians not ...
1 year ago Wired.com
Why Use a VLAN? Unveiling the Benefits of Virtual LANs in Network Security - Virtual Local Area Networks, or VLANs, serve as a critical computing technology designed for effective network traffic management. How VLANs function within a network environment revolves around effectively managing and directing network traffic. ...
11 months ago Securityboulevard.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Coming Soon to Wi-SUN Field Area Network: Versatility to connect sensors with low power and high throughput capabilities - The Catalyst IR8140 Heavy Duty Series Router will be Cisco's first router to support new Capabilities for FAN 1.1. In 2019 the Wi-SUN Alliance introduced the first certified products implementing Field Area Network 1.0, which is a secure, ...
9 months ago Feedpress.me
CVE-2021-27196 - Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC ...
1 year ago
CVE-2020-8022 - A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise ...
3 years ago
CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities - February 2, 2024 - Tenable attempts to establish a security contact with the vendor. February 7, 2024 - Tenable discloses issues to vendor. March 18, 2024 - Vendor states test version should be available by early April. March 28, 2024 - Vendor states ...
7 months ago Tenable.com
CVE-2024-32053 - Hard-coded credentials are used by the  ...
7 months ago
CVE-2021-22815 - A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network ...
2 years ago
CVE-2021-22814 - A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase ...
2 years ago
CVE-2021-22813 - A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the ...
2 years ago
CVE-2021-22812 - A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)