CVE-2023-51593

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on Voltronic Power ViewPower Pro systems by exploiting expression language injection in the Struts2 dependency. Affected installations can be compromised without any authentication, potentially giving attackers full control over the system. The vulnerability affects systems running vulnerable versions of ViewPower Pro software.

💻 Affected Systems

Products:
  • Voltronic Power ViewPower Pro
Versions: Specific vulnerable versions are not publicly detailed, but all versions that use the vulnerable Struts2 dependency are affected
Operating Systems: Windows (based on LOCAL SERVICE context)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in Struts2 dependency used by ViewPower Pro. Authentication is not required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution as LOCAL SERVICE, allowing attackers to install malware, steal data, pivot to other systems, or disrupt power monitoring operations.

🟠 Likely Case

Remote code execution leading to system compromise, data theft, and potential ransomware deployment on vulnerable power monitoring systems.

🟢 If Mitigated

Limited impact if properly segmented and monitored, but still represents a critical security flaw that should be patched immediately.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing systems extremely vulnerable to attack.
🏢 Internal Only: HIGH - Even internal systems are vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The ZDI-CAN-22095 identifier suggests a proof-of-concept exists. Struts2 vulnerabilities are commonly weaponized quickly.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with Voltronic Power for specific patched version

Vendor Advisory: Not publicly available at time of analysis

Restart Required: Yes

Instructions:

1. Contact Voltronic Power for security advisory and patches.
2. Apply vendor-provided patch.
3. Restart ViewPower Pro services.
4. Verify patch application.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate ViewPower Pro systems from untrusted networks and internet access

Access Control Lists (all platforms)

Implement strict firewall rules to limit access to ViewPower Pro services

🧯 If You Can't Patch

  • Immediately isolate affected systems from network access
  • Implement application-level WAF rules to block Struts2 expression language injection patterns

🔍 How to Verify

Check if Vulnerable:

Check ViewPower Pro version and Struts2 dependency version. Contact Voltronic Power for vulnerability assessment.

Check Version:

Check ViewPower Pro application version through administrative interface or system information

Verify Fix Applied:

Verify patch application through vendor-provided verification method and test that expression language injection is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests containing OGNL/Struts2 expressions
  • Unexpected process execution from ViewPower Pro service
  • Authentication bypass attempts

Network Indicators:

  • HTTP requests with suspicious OGNL payloads to ViewPower Pro endpoints
  • Unusual outbound connections from ViewPower Pro system

SIEM Query:

source="ViewPower Pro" AND (http_uri="*%24%7B*" OR http_uri="*%23*" OR http_uri="*ognl*")
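
The query above only matches the single-URL-encoded forms. As an added example (not from the original advisory or the vendor), the same markers can be applied offline to web access logs after repeated percent-decoding, so raw and double-encoded forms are also caught. The log format, the sample lines, the placeholder paths and the extra `%{` marker are assumptions.

```python
import re
from urllib.parse import unquote

# Markers from the SIEM query above (${, #, "ognl"). "%{" is an added
# assumption: Struts2 also evaluates %{...} expressions.
MARKERS = ("${", "%{", "#", "ognl")
MAX_DECODE_ROUNDS = 3  # bounded, so nested encoding cannot loop forever

# Assumes common/combined access-log format: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')


def normalise(uri):
    """Percent-decode until stable, so %2524%257B ends up as ${."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def scan_line(line):
    """Return the sorted markers found in the request URI of one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    uri = normalise(match.group(1)).lower()
    return sorted(m for m in MARKERS if m in uri)


def scan(lines):
    """Return (line_number, markers) for every line with at least one hit."""
    return [(i, hits) for i, line in enumerate(lines, 1)
            if (hits := scan_line(line))]


# Constructed sample lines: not real traffic, paths are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /example/index.action HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /example/index.action?id=%24%7B1%2B1%7D HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /example/index.action?id=%2524%257B1%252B1%257D HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /example/theme?color=%23ffffff HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

The fourth sample line shows that a lone `#` hit is low confidence, since an encoded hash also appears in ordinary parameters such as colour codes; prioritise `${` and `%{` hits for triage.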
