Missing Authentication Vulnerability in Java RMI Interface by Schneider Electric
CVE-2023-29411

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Apc Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022); Schneider Electric Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022)
Vendor: CVE Published:; 18 April 2023

Summary

A vulnerability exists in Schneider Electric's Java RMI interface, where missing authentication may allow unauthorized changes to administrative credentials. This flaw could potentially enable remote code execution, posing a significant risk as no prior authentication is required for exploitation.

Affected Version(s)

APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GA-01-22320

Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GS-01-22320

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Apr 5, 2023