← Back to CVEs

CVE-2024-32053

CRITICAL

9.8

Description

Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published5/15/2024

Last Modified7/30/2025

Sourcenvd

Honeypot Sightings0

Affected Products

cyberpower:powerpanel

Weaknesses (CWE)

CWE-798

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01(ics-cert@hq.dhs.gov)

https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads(ics-cert@hq.dhs.gov)

https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01(af854a3a-2127-422b-91ae-364da2661108)

https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.