CVE-2022-47192: [Update 03/03/2023] Multiple vulnerabilities in Generex UPS CS141

Home / Early Warning / Ics Advisories / [Update 03/03/2023] Multiple vulnerabilities in Generex UPS CS141

Affected resources:

• UPS CS141, versions lower than 2.06

Description:

INCIBE has coordinated the publication of 7 vulnerabilities in Generex UPS CS141 adapter, which has been discovered by Joel Gámez Molina (@JoelGMSec).

These vulnerabilities have been assigned the following codes:

• CVE-2022-47186. Base score CVSS v3.1 of 7,5, being the CVSS string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
• CVE-2022-47187. Base score CVSS v3.1 of 5,3, being the CVSS string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.
• CVE-2022-47188. Base score CVSS v3.1 of 7,5, being the CVSS string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
• CVE-2022-47189. Base score CVSS v3.1 of 7,5, being the CVSS string: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
• CVE-2022-47190. Base score CVSS v3.1 of 10,0, being the CVSS string: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
• CVE-2022-47191. Base score CVSS v3.1 of 4,3, being the CVSS string: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
• CVE-2022-47192. Base score CVSS v3.1 of 8,8, being the CVSS string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Detail:

• CVE-2022-47186:
  • An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the “upload” directory.
  • The vulnerability type is CWE-434: Unrestricted Upload of File with Dangerous Type.
• CVE-2022-47187:
  • The web application allows file uploads, which may allow an attacker to upload a file with HTML content in which an XSS payload can be injected.
  • The vulnerability type is CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’).
• CVE-2022-47188:
  • There is an arbitrary file reading vulnerability. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.
  • The vulnerability type is CWE-20: Improper Input Validation.
• CVE-2022-47189:
  • An attacker could upload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.
  • The vulnerability type is CWE-20: Improper Input Validation.
• CVE-2022-47190:
  • A remote attacker could upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
  • The vulnerability type is CWE-20: Improper Input Validation.
• CVE-2022-47191:
  • A remote attacker could upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
  • The vulnerability type is CWE-20: Improper Input Validation.
• CVE-2022-47192:
  • A remote attacker, could upload a backup file containing a modified “users.json” to the web server of Generex CS141 device, allowing him to replace the administrator password.
  • The vulnerability type is CWE-20: Improper Input Validation.

If you have any information regarding this advisory, please contact INCIBE as indicated in the 'CVE assignment and publication’.