Missing Authentication Vulnerability in Schneider UPS Monitor Service
CVE-2023-29413

7.5HIGH

Key Information:

Vendor: Schneider Electric
Status: Apc Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022); Schneider Electric Easy Ups Online Monitoring Software (windows 10, 11 Windows Server 2016, 2019, 2022)
Vendor: CVE Published:; 18 April 2023

Summary

The Schneider UPS Monitor service is affected by a missing authentication vulnerability that allows unauthenticated users to access critical functions. This can lead to a potential Denial-of-Service (DoS) condition, where vital operations of the UPS Monitor could be interrupted or rendered inaccessible. It is essential for users to update their systems and implement proper authentication protocols to mitigate these risks and protect their infrastructure from unauthorized access.

Affected Version(s)

APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GA-01-22320

Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) V2.5-GS-01-22320

References

https://download.schneider-electric.com/files?p_Doc_Ref=S...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2023
Vulnerability Reserved
Apr 5, 2023