CVE-2022-47190 – CVE-2022-47190 allows remote attackers to uploa... (How to Fix)

Q: What is the severity of CVE-2022-47190?

CVE-2022-47190 has a CVSS score of 10.0 (CRITICAL). CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex UPS CS141 devices, enabling arbitrary code execution with root privileges. This affects organizations using Generex UPS CS141 devices for power management, particularly in industrial and critical infrastructure environments.

📋 TL;DR

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex UPS CS141 devices, enabling arbitrary code execution with root privileges. This affects organizations using Generex UPS CS141 devices for power management, particularly in industrial and critical infrastructure environments.

💻 Affected Systems

Products:

Generex UPS CS141

Versions: All versions below 2.06

Operating Systems: Embedded Linux-based UPS firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the UPS devices. No special configuration required for exploitation.

📦 What is this software?

Cs141 Firmware by Generex

View all CVEs affecting Cs141 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the UPS device allowing root-level arbitrary code execution, potential disruption of power management systems, and lateral movement into connected networks.

🟠

Likely Case

Remote attackers upload webshells to gain persistent access, execute commands, and potentially disrupt UPS operations or use the device as a pivot point.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to UPS management interfaces.

🌐 Internet-Facing: HIGH - The vulnerability allows remote exploitation without authentication, making internet-exposed devices immediate targets.

🏢 Internal Only: HIGH - Even internally, the vulnerability allows unauthenticated attackers on the same network to compromise UPS devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability description indicates remote unauthenticated firmware upload leading to webshell deployment, suggesting straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.06 and above

Vendor Advisory: https://www.generex.de/support/changelogs/cs141/2-12

Restart Required: Yes

Instructions:

1. Download firmware version 2.06 or higher from Generex support portal. 2. Log into UPS web interface. 3. Navigate to firmware update section. 4. Upload and apply the new firmware. 5. Reboot the UPS device.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate UPS management interfaces from untrusted networks and restrict access to authorized IPs only.

Access Control Lists

all

Implement firewall rules to block external access to UPS web management ports (typically 80/443).

🧯 If You Can't Patch

Segment UPS devices on isolated VLANs with strict firewall rules
Implement network monitoring for suspicious firmware upload attempts to UPS devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface: Login to UPS web interface and check System Information or About page for firmware version.

Check Version:

No CLI command - check via web interface at http(s)://[UPS_IP]/

Verify Fix Applied:

Confirm firmware version is 2.06 or higher after update. Test that unauthorized firmware uploads are blocked.

📡 Detection & Monitoring

Log Indicators:

Unusual firmware upload events in UPS logs
Webshell file creation in filesystem logs
Unexpected root-level process execution

Network Indicators:

HTTP POST requests to firmware upload endpoints from unauthorized sources
Suspicious outbound connections from UPS device

SIEM Query:

source="ups_logs" AND (event="firmware_upload" OR event="file_creation" AND file="*.php" OR file="*.jsp")

📊 Metadata

CVE ID: CVE-2022-47190

CVSS v3 Score: 10.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-20

Published: March 31, 2023

Last Updated: November 21, 2024

🔗 References

https://www.generex.de/support/changelogs/cs141/2-12 Vendor Advisory
https://www.generex.de/support/changelogs/cs141/page:2 Vendor Advisory
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 Third Party Advisory
https://www.generex.de/support/changelogs/cs141/2-12 Vendor Advisory
https://www.generex.de/support/changelogs/cs141/page:2 Vendor Advisory
https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-47190, you might also want to check these: