VDB
SEVD-2022-347-01
SEVD-2022-347-01
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Schneider Electric is aware of multiple vulnerabilities in its APC Easy UPS Online Monitoring Software. The APC Easy UPS Online Monitoring Software is used to configure and manage APC Easy UPS. Failure to apply the remediations provided below may risk remote code execution, escalation of privileges, or authentication bypass, which could result in execution of malicious web code or loss of device functionality.
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 Windows Server 2016, 2019, 2022) <=2.5-GA | ||
| Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 Windows Server 2016, 2019, 2022) <=2.5-GA | ||
| Schneider Electric APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022) <=2.5-GA-01-22261 | ||
| 2.5 | ||
| Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022) <=2.5-GA-01-22261 |
Timeline
- Dec 13, 2022 CVE Published
- Jan 11, 2023 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2022-347-01.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://download.schneider-electric.com/files?p_Doc_Ref=APC_install_APC_UPS_windows&p_enDocType=Software+-+Release&p_File_Name=installAPCUPS_windows-2.5-GA-01-22320.zip fix
- https://download.schneider-electric.com/files?p_Doc_Ref=Install_Schneider_UPS_windows&p_enDocType=Software+-+Release&p_File_Name=installSchneiderUPS_windows.zip fix