EnerSys XM3.1-HP 910-918
0 remedies
cpe:2.3:o:hitachienergy:relion_611_firmware:*:*:*:*:*:*:*
0 remedies
- <= 22.09
EnerSys AMPA Command Injection Vulnerability Leading to Privileged Remote Shell Access
Vulnerability
A command injection vulnerability has been identified in EnerSys AMPA versions through 22.09, allowing unauthorized remote shell access with elevated privileges. This issue arises from the web interface, where improper input validation enables the execution of arbitrary commands on the affected unit.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected device, with the executed code running in a privileged context.
Remediation
Users are advised to upgrade to EnerSys XM3.1 firmware version 1.07.00 or 1.10.01, and to upgrade SMG-HP and ADOM firmware to version 02.02.00 or 02.07.01. After updating, contact EnerSys for indicators of compromise and tactics, techniques, and procedures related to this vulnerability. Additionally, it is recommended to harden network configurations by isolating management interfaces and restricting access via firewall to trusted IPs.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
7.5exploitability
4.4remediation
0.0relevance
0.0threat
0.1urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.