VDB
ICSA-22-347-02
ICSA-22-347-02
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Successful exploitation of these vulnerabilities could result in unauthenticated remote code execution, unauthenticated password changes, and escalation of privileges.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| APC Easy UPS Online: APC Easy UPS Online Version 2.5-GA and prior (Windows 7, 10, 11, Windows Server 2016, 2019, 2022) | ||
| APC Easy UPS Online: APC Easy UPS Online Version 2.5-GA-01-22261 and prior (Windows 11, Windows Server 2019, 2022) |
Timeline
- Dec 13, 2022 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-347-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-347-02 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01-APC_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf fix