CVE-2022-47192

8.8 HIGH

📋 TL;DR

CVE-2022-47192 allows remote attackers to upload a modified backup file containing a manipulated 'users.json' to Generex UPS CS141 web servers. This enables replacement of the administrator password, potentially granting unauthorized administrative access. Organizations using Generex UPS CS141 devices below version 2.06 are affected.

💻 Affected Systems

Products:
  • Generex UPS CS141
Versions: All versions below 2.06
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with web interface enabled are vulnerable. The backup/restore functionality is typically available by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the UPS management system, allowing an attacker to change configurations, disable alerts, or disrupt power management operations.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, monitoring disruption, or credential theft.

🟢 If Mitigated

Limited impact where proper network segmentation and access controls prevent external exploitation.

🌐 Internet-Facing: HIGH - Web interface accessible remotely without authentication for the exploit.
🏢 Internal Only: MEDIUM - Requires internal network access but exploit is straightforward.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires uploading a specially crafted backup file via the web interface. No authentication needed for the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.06 and above

Vendor Advisory: https://www.generex.de/support/changelogs/cs141/2-12

Restart Required: Yes

Instructions:

1. Download firmware version 2.06 or later from the Generex support portal.
2. Log into the UPS web interface.
3. Navigate to System > Firmware Update.
4. Upload and apply the new firmware.
5. Reboot the device after the update completes.

🔧 Temporary Workarounds

Disable web interface (platform: all)

Temporarily disable the web management interface if it is not required for operations.

Network access restrictions (platform: linux)

Restrict network access to the UPS management interface using firewall rules on a Linux firewall or gateway in front of the device. Replace trusted_network with the management subnet in CIDR notation, and keep the ACCEPT rule before the DROP rule: iptables evaluates rules in order, so reversing them blocks the trusted network as well. Add equivalent rules for any other port the management interface listens on.

iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate UPS devices from untrusted networks
  • Monitor for unauthorized backup file uploads and password change attempts in logs

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface under System > Information. If version is below 2.06, device is vulnerable.

Check Version (replace ups-ip with the device address):

curl -s http://ups-ip/system/info | grep 'Firmware Version'

Verify Fix Applied:

After the update, verify that the firmware version shown under System > Information is 2.06 or higher. A backup upload containing a modified users.json should then be rejected.
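The version check above compares a dotted version string against 2.06. As an added example (not part of the advisory or the vendor's tooling), the script below parses the 'Firmware Version' line that the curl command greps for and decides whether the device is below the fixed release. The exact response text of the CS141 is an assumption; adjust the regular expression to whatever your device returns.

```python
"""Firmware version check for CVE-2022-47192 (example code, not vendor code).

Assumptions: the device returns a line such as 'Firmware Version: 2.05';
the real CS141 output format is not given in the advisory.
"""
import re

# The advisory states the fix shipped in 2.06 and later.
FIXED_VERSION = (2, 6)

# Matches 'Firmware Version: 2.12', 'firmware version v2.06', etc.
VERSION_RE = re.compile(
    r"Firmware\s+Version\s*[:=]?\s*v?(\d+(?:\.\d+)*)", re.IGNORECASE
)


def parse_version(text):
    """Extract the firmware version as a tuple of ints, e.g. '2.12' -> (2, 12).

    Returns None when no version line is present in the response.
    """
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(text):
    """True when the reported version is below 2.06.

    Integer tuples are compared rather than strings: a lexicographic
    comparison would misorder versions such as '2.9' and '2.12'.
    """
    version = parse_version(text)
    if version is None:
        raise ValueError("no firmware version found in response")
    return version < FIXED_VERSION


if __name__ == "__main__":
    # Constructed sample responses, one per device.
    for sample in ("Firmware Version: 2.05", "Firmware Version: 2.12"):
        state = "VULNERABLE" if is_vulnerable(sample) else "fixed"
        print(f"{sample!r}: {state}")
```

Feed it the output of the curl command (for example via `is_vulnerable(sys.stdin.read())`) rather than comparing the version string by hand.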

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized backup file uploads
  • Administrator password change events from unexpected sources
  • Failed authentication attempts followed by successful backup upload

Network Indicators:

  • HTTP POST requests to backup upload endpoints from unauthorized IPs
  • Unusual traffic patterns to UPS web interface

SIEM Query:

source="ups_logs" AND (event="backup_upload" OR event="password_change") AND src_ip NOT IN [authorized_ips]
