ICSA-25-182-05 · Published 2025-07-01 · View on CISA ICS-CERT ↗

Voltronic Power and PowerShield UPS monitoring software

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthenticated attacker remotely to make configuration changes, resulting in shutting down UPS connected devices or execution of arbitrary code.

CVEs (2)

CVE-2022-31491 CVE-2021-43110

Remediations

Voltronic Power has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Voltronic Power customer support for additional information.
Powershield is aware of the issue and has provided a fix in NetGuard versions 1.04-23292 and later. For more information, refer to Powershield's software page. User can also contact Powershield via email or phone: +618 9209 3839.

Affected Vendors

Voltronic Power, PowerShield

Affected Products (3)

Voltronic Power, PowerShield · Voltronic Power Viewpower <=1.04-24215

Voltronic Power, PowerShield · Voltronic Power ViewPower Pro <=2.2165

Voltronic Power, PowerShield · Powershield NetGuard <=1.04-22119

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more