PatchSiren

CVE-2021-43110 Voltronic Power, PowerShield CVE debrief

CVE-2021-43110 is a critical unauthenticated remote access flaw in Voltronic Power and PowerShield UPS monitoring software. According to CISA’s advisory, an attacker can change the web admin password, view or modify configuration, enumerate connected UPS devices, and shut down connected UPS devices.

Vendor: Voltronic Power, PowerShield
Product: Voltronic Power Viewpower
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-07-01
Original CVE updated: 2025-07-01
Advisory published: 2025-07-01
Advisory updated: 2025-07-01

Who should care

Organizations running Voltronic Power Viewpower, ViewPower Pro, or PowerShield NetGuard should treat this as urgent, especially OT/ICS environments where UPS monitoring systems are reachable from production or admin networks. Security, infrastructure, and operations teams responsible for remote management interfaces should verify exposure and remediation status immediately.

Technical summary

The advisory describes a web-interface authorization failure: the software is supposed to allow only an authenticated and authorized admin user to configure the system, but an unauthenticated remote attacker can perform administrative actions instead. CISA lists affected versions as Voltronic Power Viewpower <=1.04-24215, ViewPower Pro <=2.2165, and PowerShield NetGuard <=1.04-22119. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8), reflecting a network-reachable issue with no privileges or user interaction required and high impact to confidentiality, integrity, and availability.

Defensive priority

Urgent / critical. This issue allows remote, unauthenticated administrative action against UPS management software and can directly affect power infrastructure availability.

Recommended defensive actions

  • Confirm whether Viewpower, ViewPower Pro, or PowerShield NetGuard are deployed and identify exact versions.
  • Apply vendor remediation where available; PowerShield states NetGuard 1.04-23292 and later include a fix.
  • For Voltronic Power products, follow CISA guidance and contact vendor support for remediation status, since CISA notes Voltronic Power has not responded to mitigation requests.
  • Restrict access to the management web interface to trusted administrative networks only.
  • Segment UPS management systems from broader networks and minimize exposure of OT/ICS management services.
  • Monitor for unexpected changes to admin credentials, configuration, or UPS control actions.
  • Use CISA’s ICS recommended practices and defense-in-depth guidance for additional hardening.
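
A version-triage sketch for the first action above, added here as an example (not code from CISA, the vendors, or the advisory). It checks installed versions against the limits quoted in the technical summary; the inventory rows, the status labels, and the assumption that version components compare numerically left to right are constructed for illustration.

```python
import re

# Limits as quoted in this debrief (CISA ICSA-25-182-05).
# fixed_min is None where the page states no fixed version for the product.
ADVISORY = {
    "viewpower":     {"affected_max": "1.04-24215", "fixed_min": None},
    "viewpower pro": {"affected_max": "2.2165",     "fixed_min": None},
    "netguard":      {"affected_max": "1.04-22119", "fixed_min": "1.04-23292"},
}

def parse_version(text):
    """Split a version such as '1.04-24215' into a tuple of integers (assumed ordering)."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric components in {text!r}")
    return tuple(int(p) for p in parts)

def triage(product, version):
    """Return 'affected', 'fixed', 'unlisted' or 'unknown' for one installation."""
    entry = ADVISORY.get(product.strip().lower())
    if entry is None:
        return "unknown"            # product not covered by this advisory data
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"            # version string could not be read; check by hand
    if installed <= parse_version(entry["affected_max"]):
        return "affected"
    if entry["fixed_min"] and installed >= parse_version(entry["fixed_min"]):
        return "fixed"
    # Above the affected limit, but no fix is stated for it: confirm with the vendor.
    return "unlisted"

# Constructed sample inventory (hostnames and installed versions are invented).
INVENTORY = [
    ("ups-mgmt-01", "Viewpower", "1.04-21353"),
    ("ups-mgmt-02", "ViewPower Pro", "2.2165"),
    ("ups-mgmt-03", "NetGuard", "1.04-23292"),
    ("ups-mgmt-04", "NetGuard", "1.04-22500"),
    ("ups-mgmt-05", "NetGuard", "unversioned"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

A NetGuard build between 1.04-22119 and 1.04-23292 comes back as "unlisted" because the version data quoted here does not classify it; treat that result as needing vendor confirmation, not as safe.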

Evidence notes

All key facts in this debrief come from the CISA CSAF advisory ICSA-25-182-05 and the linked official references. The affected products and version limits are listed in the advisory metadata; the impact description is taken directly from the advisory summary. The only explicit fixed version in the supplied corpus is PowerShield NetGuard 1.04-23292 and later.

Official resources

CISA published advisory ICSA-25-182-05 for CVE-2021-43110 on 2025-07-01T06:00:00.000Z. This debrief uses the advisory publication date supplied in the source corpus and does not infer any separate discovery date.