ICSA-23-108-02
PUBLISHED
CVSS 9.8 CRITICAL
Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the underlying operating system when manipulating internal methods through the Java RMI interface. It could also result in escalation of privileges or authentication bypass, which could then result in malicious web code execution or loss of device functionality.
Risk Scores
CVSS v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | <=v2.5-GA-01-22261 |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | <=V2.5-GA-01-22320 |
Timeline
- Apr 18, 2023 CVE Published
- Jun 11, 2024 CVE Updated
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-108-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-108-02 advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf url
- https://www.cisa.gov/uscert/ncas/tips/ST04-014 url
- https://www.apc.com/pcss fix
- https://www.apc.com/pcns fix
- https://download.schneider-electric.com/files?p_enDocType=Software+-+Release&p_Doc_Ref=APC_install_APC_UPS_windows fix
- https://download.schneider-electric.com/files?p_enDocType=Software+-+Release&p_Doc_Ref=Install_Schneider_UPS_windows fix
- https://www.se.com/us/en/work/support/contacts.jsp fix
- https://www.se.com/us/en/download/document/7EN52-0390/ fix
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf fix