SEVD-2023-101-04
Schneider Electric is aware of multiple vulnerabilities in its Easy UPS Online Monitoring Software, known as APC Easy UPS Online Monitoring Software, and Schneider Electric UPS Online Monitoring Software known as Schneider SP Series UPS Online Monitoring Software in China. The Easy UPS Online Monitoring Software is used to configure and manage Easy UPS products. Failure to apply the remediations provided below may risk remote code execution, escalation of privileges, or authentication bypass, which could result in execution of malicious web code or loss of device functionality. June 2024 Update: Vulnerability description for CVE-2023-29412 has been updated. CWE-78 is correct, but the initial description didn’t match with this CWE ID. Remediation instructions were updated to clarify support status.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider Electric Easy UPS Online Monitoring Software version 2.5-GS-01-22320 and prior | ||
| Microsoft Windows 10 | ||
| Microsoft Windows 11 | ||
| 2.6 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 | ||
| Microsoft Windows Server 2016 | ||
| APC Easy UPS Online Monitoring Software version 2.5-GA-01-22320 and prior |
Timeline
- Apr 11, 2023 CVE Published
- Jun 11, 2024 CVE Updated
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2023-101-04.json advisory
- https://www.se.com/us/en/download/document/7EN52-0390/ url
- https://download.schneider-electric.com/files?p_enDocType=Software+-+Release&p_Doc_Ref=APC_install_APC_UPS_windows fix