CVE-2022-47189

7.5 HIGH

📋 TL;DR

This vulnerability in Generex UPS CS141 devices allows attackers to upload malicious firmware files containing incorrect configurations, disrupting normal device functionality. It affects all CS141 devices running firmware versions below 2.06. This could lead to UPS failure and power disruption for connected equipment.

💻 Affected Systems

Products:
  • Generex UPS CS141
Versions: All versions below 2.06
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the UPS firmware itself, not host operating systems. All default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete UPS failure causing power loss to critical equipment, potential physical damage to connected devices, and extended downtime.

🟠 Likely Case: UPS malfunction leading to improper power regulation, potential data loss from connected systems, and service disruption.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing unauthorized firmware uploads.

🌐 Internet-Facing: MEDIUM - Requires network access to UPS management interface, but many UPS devices are not directly internet-facing.
🏢 Internal Only: HIGH - If internal network access is gained, attackers can exploit this to disrupt power infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to UPS management interface and ability to upload firmware files. No authentication bypass is mentioned in the CVE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.06 and above

Vendor Advisory: https://www.generex.de/support/changelogs/cs141/2-12

Restart Required: Yes

Instructions:

1. Download firmware version 2.06 or higher from Generex support portal.
2. Access UPS management interface.
3. Upload and install new firmware.
4. Reboot UPS to apply changes.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate UPS management interface from general network access

Access Control Lists (platform: all)

Restrict network access to UPS management interface to authorized IPs only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate UPS management interfaces
  • Monitor network traffic to UPS devices for unauthorized firmware upload attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via UPS web interface or management software. If version is below 2.06, device is vulnerable.

Check Version:

Check via UPS web interface or use manufacturer's management software

Verify Fix Applied:

Confirm firmware version is 2.06 or higher after update. Test that UPS functionality remains normal.

📡 Detection & Monitoring

Log Indicators:

  • Firmware upload events in UPS logs
  • Unauthorized access attempts to management interface

Network Indicators:

  • HTTP POST requests to firmware upload endpoints
  • Unusual traffic to UPS management ports

SIEM Query:

source="ups_logs" AND (event="firmware_upload" OR event="config_change")
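
An added example (not part of the original advisory or any Generex tooling) of the monitoring described above: it flags the `firmware_upload` and `config_change` events named in the SIEM query when they originate outside a management allowlist. The key=value log format, the `ts`/`device`/`src` field names and the subnet are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Assumption: the only hosts allowed to manage UPS devices (placeholder subnet).
ALLOWED_MGMT = [ipaddress.ip_network("10.20.30.0/28")]
# Event names taken from the SIEM query on this page.
WATCHED_EVENTS = {"firmware_upload", "config_change"}

# Constructed sample lines in an assumed key=value format; not real CS141 output.
SAMPLE_LOG = """\
ts=2024-01-10T08:00:01Z device=ups-01 event=login src=10.20.30.5
ts=2024-01-10T08:02:11Z device=ups-01 event=firmware_upload src=10.20.30.5
ts=2024-01-10T09:15:42Z device=ups-02 event=firmware_upload src=192.168.7.44
ts=2024-01-10T09:16:03Z device=ups-02 event=config_change src=192.168.7.44
ts=2024-01-10T09:20:00Z device=ups-03 event=config_change src=not-an-ip
this line is malformed and should be skipped
"""

def parse_line(line):
    """Split a key=value log line into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def is_allowed(src):
    """True only if src parses as an IP inside an allowed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is treated as unauthorized
    return any(addr in net for net in ALLOWED_MGMT)

def find_unauthorized(log_text):
    """Return watched events whose source is outside the management allowlist."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("event") in WATCHED_EVENTS and not is_allowed(rec.get("src", "")):
            alerts.append((rec.get("ts"), rec.get("device"), rec["event"], rec.get("src")))
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized(SAMPLE_LOG):
        print("ALERT", *alert)
```
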
