CyberPower’s PowerPanel Business software, used by numerous organizations globally, has been found to contain critical vulnerabilities that potentially expose users to severe security risks. The vulnerabilities affect versions 4.9.0 and prior of the software and have been assigned a CVSS v3 score of 9.8, indicating critical severity.
The identified vulnerabilities encompass a range of security flaws, including hard-coded passwords, relative path traversal, hard-coded credentials, active debug code, storing passwords in a recoverable format, improper authorization, and more. Exploitation of these vulnerabilities could enable attackers to bypass authentication mechanisms, execute arbitrary code remotely, and gain unauthorized access to sensitive systems.
Given the widespread deployment of PowerPanel Business software, particularly in critical manufacturing sectors worldwide, the potential impact of these vulnerabilities is significant. Prompt action is imperative to mitigate the risks posed by these security flaws and protect organizations from potential exploitation.
Researchers from Claroty Team82 Research reported these vulnerabilities to CISA, underlining the importance of swift remediation efforts to address these critical security issues.
For further details and mitigation strategies, users are advised to refer to the official advisory from CyberPower and take appropriate measures to secure their systems against potential exploitation.