OpenCVE

There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Generex	Cs141 Cs141 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.generex.de/support/changelogs/cs141/2-12
https://www.generex.de/support/changelogs/cs141/page:2
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-03-31T00:00:00

Updated: 2024-08-03T14:47:29.466Z

Reserved: 2022-12-12T00:00:00

Link: CVE-2022-47188

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-31T22:15:07.227

Modified: 2024-11-21T07:31:40.420

Link: CVE-2022-47188

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47188", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "dateUpdated": "2024-08-03T14:47:29.466Z", "dateReserved": "2022-12-12T00:00:00", "datePublished": "2023-03-31T00:00:00"}, "containers": {"cna": {"title": "Improper Input Validation in Generex CS141", "datePublic": "2023-03-03T00:00:00", "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-03-31T00:00:00"}, "descriptions": [{"lang": "en", "value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."}], "affected": [{"vendor": "Generex", "product": "UPS CS141", "versions": [{"version": "2.06", "status": "affected", "lessThan": "2.06", "versionType": "custom"}]}], "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}, {"url": "https://www.generex.de/support/changelogs/cs141/page:2"}, {"url": "https://www.generex.de/support/changelogs/cs141/2-12"}], "credits": [{"lang": "en", "value": "Joel G\u00e1mez Molina (@JoelGMSec)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "INCIBE-2023-0071", "defect": ["INC-2021-0055"], "discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "This vulnerability, has been fixed by Generex team in CS141 version 2.12, released on December 2022."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:47:29.466Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141", "tags": ["x_transferred"]}, {"url": "https://www.generex.de/support/changelogs/cs141/page:2", "tags": ["x_transferred"]}, {"url": "https://www.generex.de/support/changelogs/cs141/2-12", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "45AC1134-C83A-435F-AFCB-32CC1E691C9E", "versionEndExcluding": "2.06", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path."}], "id": "CVE-2022-47188", "lastModified": "2024-11-21T07:31:40.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-31T22:15:07.227", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Vendor Advisory"], "url": "https://www.generex.de/support/changelogs/cs141/2-12"}, {"source": "cve-coordination@incibe.es", "tags": ["Vendor Advisory"], "url": "https://www.generex.de/support/changelogs/cs141/page:2"}, {"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.generex.de/support/changelogs/cs141/2-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.generex.de/support/changelogs/cs141/page:2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}