OS Command Injection Vulnerability in Schneider Electric’s Java RMI Interface
CVE-2023-29412

9.8CRITICAL

Key Information:

Vendor: Schneider Electric
Status: Apc Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022); Schneider Electric Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022)
Vendor: CVE Published:; 18 April 2023

Summary

An OS Command Injection vulnerability exists in the Java RMI interface of affected Schneider Electric products. This flaw could allow an attacker to manipulate internal methods, leading to potential remote code execution. Proper neutralization of special elements is essential to prevent abuse of this vulnerability, which may expose systems to unauthorized control and actions.

Affected Version(s)

APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GA-01-22320

Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GS-01-22320

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Apr 5, 2023