Voltronic Power and PowerShield UPS monitoring software
Plan Patch | CVSS 10 | ICS-CERT ICSA-25-182-05 | Jul 1, 2025
Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Voltronic Power and PowerShield UPS monitoring software contain vulnerabilities (CWE-749 Improper Handling of Exceptional Conditions, CWE-425 Direct Request Index Manipulation) that allow unauthenticated remote attackers to make unauthorized configuration changes and execute arbitrary code. Voltronic Power has not provided fixes for Viewpower and ViewPower Pro. PowerShield has released a patch for NetGuard.
What this means
What could happen
An attacker could modify UPS settings or shut down connected equipment remotely without credentials, potentially causing loss of power to critical infrastructure or causing equipment damage through arbitrary code execution on the monitoring system.
Who's at risk
This affects energy utilities, data centers, and facilities using Voltronic Power Viewpower/ViewPower Pro or PowerShield NetGuard software to monitor uninterruptible power supply (UPS) systems. Anyone managing backup power infrastructure through these platforms should prioritize mitigation.
How it could be exploited
An attacker on the network could send unauthenticated requests to the UPS monitoring software over the network, exploiting improper exception handling and direct index manipulation to inject commands or alter configuration. This does not require valid credentials or user interaction.
Prerequisites
- Network access to the UPS monitoring software interface port (typically HTTP/HTTPS)
- No authentication required
- Knowledge of the software's web interface endpoints or protocol
remotely exploitable | no authentication required | low complexity | critical CVSS score (10.0) | no patch available for Voltronic products | affects power infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (3)
1 with fix, 2 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Voltronic Power Viewpower | ≤ 1.04-24215 | No fix (EOL) |
| Powershield NetGuard | ≤ 1.04-22119 | 1.04-23292 |
| Voltronic Power ViewPower Pro | ≤ 2.2165 | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the UPS monitoring software to authorized management networks only; block direct internet access
- HARDENING: Place UPS monitoring systems behind a firewall and on a separate network segment from business and general IT systems
- HARDENING: If remote access to UPS monitoring is required, route all connections through a VPN with current security patches applied
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update PowerShield NetGuard to version 1.04-23292 or later
- WORKAROUND: For Voltronic Viewpower and ViewPower Pro (unfixed products), contact vendor support to evaluate replacement options or alternative monitoring solutions
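
An added example (not part of the advisory or of either vendor's tooling): a triage script that applies the affected-version table and the remediation steps above to an asset inventory. It assumes version fields separated by "." or "-" order numerically and treats any NetGuard build below the fix version as needing the update; the inventory rows and function names are constructed for illustration.

```python
import re

# Ceilings and fix versions copied from the advisory's product table.
# fixed=None: the advisory lists no fix (EOL).
ADVISORY = {
    "voltronic power viewpower": {"max_affected": "1.04-24215", "fixed": None},
    "powershield netguard": {"max_affected": "1.04-22119", "fixed": "1.04-23292"},
    "voltronic power viewpower pro": {"max_affected": "2.2165", "fixed": None},
}
# Constructed inventory rows (host, product, version); not real assets.
INVENTORY = [
    ("ups-mon-01", "Voltronic Power Viewpower", "1.04-24215"),
    ("ups-mon-02", "PowerShield NetGuard", "1.04-22119"),
    ("ups-mon-03", "PowerShield NetGuard", "1.04-23292"),
    ("ups-mon-04", "Voltronic Power ViewPower Pro", "2.2100"),
]

def version_key(version):
    """Assumption: '1.04-24215' orders as the integer tuple (1, 4, 24215)."""
    fields = re.split(r"[.-]", version.strip())
    if not all(f.isdigit() for f in fields):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(f) for f in fields)

def triage(product, version):
    """Return (status, action) for one installed product/version pair."""
    entry = ADVISORY.get(" ".join(product.lower().split()))
    if entry is None:
        return ("not-listed", "product is not in this advisory")
    try:
        installed = version_key(version)
    except ValueError:
        return ("unknown", "verify the installed version by hand")
    if entry["fixed"] is None:
        if installed <= version_key(entry["max_affected"]):
            return ("affected-no-fix", "restrict network access; evaluate replacement")
        return ("unknown", "newer than the listed range; confirm status with vendor")
    if installed >= version_key(entry["fixed"]):
        return ("fixed", "no action")
    return ("needs-update", f"update to {entry['fixed']} or later")

def report(inventory=INVENTORY):
    """Triage every inventory row; returns (host, status, action) tuples."""
    return [(host, *triage(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for row in report():
        print(*row, sep="\t")
```
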
CVEs (2)