OS Command Injection Vulnerability in Schneider Electric’s Java RMI Interface
CVE-2023-29412

9.8CRITICAL

Key Information:

Vendor

Schneider Electric
Status
Apc Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022)
Schneider Electric Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022)
Vendor
CVE Published:
18 April 2023

What is CVE-2023-29412?

An OS Command Injection vulnerability exists in the Java RMI interface of affected Schneider Electric products. This flaw could allow an attacker to manipulate internal methods, leading to potential remote code execution. Proper neutralization of special elements is essential to prevent abuse of this vulnerability, which may expose systems to unauthorized control and actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GA-01-22320

Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GS-01-22320

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.