Missing Authentication Vulnerability in Java RMI Interface by Schneider Electric
CVE-2023-29411

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Apc Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022); Schneider Electric Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022)
Vendor: CVE Published:; 18 April 2023

🔔 Create Schneider Electric Vulnerability Alert

What is CVE-2023-29411?

A vulnerability exists in Schneider Electric's Java RMI interface, where missing authentication may allow unauthorized changes to administrative credentials. This flaw could potentially enable remote code execution, posing a significant risk as no prior authentication is required for exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GA-01-22320

Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GS-01-22320

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Apr 5, 2023

JSON

Schneider Electric

What is CVE-2023-29411?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.