What is CVE-2023-51593?

CVE-2023-51593 is a critical-severity vulnerability in Voltronic Power Viewpower Pro, classified under Improper Neutralization of Special Elements used in an Expression Language Statement (Expression Language Injection). CVSS score: 9.8/10. Published 2024-05-03.

How severe is CVE-2023-51593?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Voltronic Power Viewpower Pro

CVE-2023-51593

Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authenticatio…

Vulnerability class: Log4Shell (CVE-2021-44228)

EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Voltronic Power Viewpower Pro — versions 2.0-22165

Weakness classification (CWE)

CWE-917 — Improper Neutralization of Special Elements used in an Expression Language Statement (Expression Language Injection)

References

ZDI-23-1896 (x_research-advisory)

Frequently asked questions

What is CVE-2023-51593?: CVE-2023-51593 is a critical-severity vulnerability in Voltronic Power Viewpower Pro, classified under Improper Neutralization of Special Elements used in an Expression Language Statement (Expression Language Injection). CVSS score: 9.8/10. Published 2024-05-03.
How severe is CVE-2023-51593?: Critical severity. CVSS v3 base score is 9.8 out of 10.