SEVD-2023-101-04 PUBLISHED CVSS 9.8 CRITICAL

Schneider Electric is aware of multiple vulnerabilities in its Easy UPS Online Monitoring Software, known as APC Easy UPS Online Monitoring Software, and in its Schneider Electric UPS Online Monitoring Software, known as Schneider SP Series UPS Online Monitoring Software in China. The Easy UPS Online Monitoring Software is used to configure and manage Easy UPS products. Failure to apply the remediations provided below may risk remote code execution, escalation of privileges, or authentication bypass, which could result in execution of malicious web code or loss of device functionality.

June 2024 Update: The vulnerability description for CVE-2023-29412 has been updated. CWE-78 is correct, but the initial description did not match this CWE ID. Remediation instructions were updated to clarify support status.

Risk Scores

CVSS v3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor | Product | Versions
Schneider Electric Easy UPS Online Monitoring Software version 2.5-GS-01-22320 and prior
Microsoft Windows 10
Microsoft Windows 11
2.6
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows Server 2016
APC Easy UPS Online Monitoring Software version 2.5-GA-01-22320 and prior
