16 vulnerabilities found for easy_ups_online_monitoring_software by schneider-electric
CVE-2023-6407 (GCVE-0-2023-6407)
Vulnerability from nvd – Published: 2023-12-14 05:02 – Updated: 2026-02-25 16:34
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by
a local and low-privileged attacker.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | Easy UPS Online Monitoring Software | Affected: 2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-03.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-23T05:01:13.272988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:34:33.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\nvulnerability exists that could cause arbitrary file deletion upon service restart when accessed by\na local and low-privileged attacker.\n\n"
}
],
"value": "\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\nvulnerability exists that could cause arbitrary file deletion upon service restart when accessed by\na local and low-privileged attacker.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T05:02:30.242Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-03.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-6407",
"datePublished": "2023-12-14T05:02:30.242Z",
"dateReserved": "2023-11-30T09:44:49.961Z",
"dateUpdated": "2026-02-25T16:34:33.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29413 (GCVE-0-2023-29413)
Vulnerability from nvd – Published: 2023-04-18 20:50 – Updated: 2025-02-05 20:59
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause
Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor
service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GA-01-22320 , ≤ prior (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GS-01-22320 , ≤ prior (custom) |
Date Public
2023-04-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T20:59:10.323751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:59:20.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GA-01-22320",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GS-01-22320",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause\nDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor\nservice. \n\n \n\n\n\n"
}
],
"value": "\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause\nDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor\nservice. \n\n \n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:50:53.336Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-29413",
"datePublished": "2023-04-18T20:50:53.336Z",
"dateReserved": "2023-04-05T20:35:41.367Z",
"dateUpdated": "2025-02-05T20:59:20.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29412 (GCVE-0-2023-29412)
Vulnerability from nvd – Published: 2023-04-18 20:50 – Updated: 2025-02-05 21:00
Summary
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability exists that could cause remote code execution when manipulating
internal methods through Java RMI interface.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GA-01-22320 , ≤ prior (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GS-01-22320 , ≤ prior (custom) |
Date Public
2023-04-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:00:28.496674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:00:38.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GA-01-22320",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GS-01-22320",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command\nInjection\u0027) vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface.\n\n"
}
],
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command\nInjection\u0027) vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:20:18.929Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-29412",
"datePublished": "2023-04-18T20:50:08.288Z",
"dateReserved": "2023-04-05T20:35:41.367Z",
"dateUpdated": "2025-02-05T21:00:38.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29411 (GCVE-0-2023-29411)
Vulnerability from nvd – Published: 2023-04-18 20:49 – Updated: 2025-02-05 21:22
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GA-01-22320 , ≤ prior (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GS-01-22320 , ≤ prior (custom) |
Date Public
2023-04-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:21:55.206695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:22:08.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GA-01-22320",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GS-01-22320",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow\nchanges to administrative credentials, leading to potential remote code execution without\nrequiring prior authentication on the Java RMI interface. \n\n\n\n"
}
],
"value": "\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow\nchanges to administrative credentials, leading to potential remote code execution without\nrequiring prior authentication on the Java RMI interface. \n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:49:34.059Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-29411",
"datePublished": "2023-04-18T20:49:34.059Z",
"dateReserved": "2023-04-05T20:35:41.367Z",
"dateUpdated": "2025-02-05T21:22:08.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42973 (GCVE-0-2022-42973)
Vulnerability from nvd – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:06
Summary
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022 , < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022 , < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022 , < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022 , < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:15.476887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:29.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42973",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:29.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42972 (GCVE-0-2022-42972)
Vulnerability from nvd – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:06
Summary
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022 , < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022 , < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022 , < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022 , < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:18.807602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:37.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42972",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:37.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42971 (GCVE-0-2022-42971)
Vulnerability from nvd – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:16
Summary
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022 , < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022 , < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022 , < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022 , < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:56:34.500669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:16:59.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42971",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:16:59.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42970 (GCVE-0-2022-42970)
Vulnerability from nvd – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:17
VLAI
Summary
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022, < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022, < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:56:37.171973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:17:08.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42970",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:17:08.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6407 (GCVE-0-2023-6407)
Vulnerability from cvelistv5 – Published: 2023-12-14 05:02 – Updated: 2026-02-25 16:34
VLAI
Summary
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by
a local and low-privileged attacker.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | Easy UPS Online Monitoring Software | Affected: 2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-03.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6407",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-23T05:01:13.272988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T16:34:33.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\nvulnerability exists that could cause arbitrary file deletion upon service restart when accessed by\na local and low-privileged attacker.\n\n"
}
],
"value": "\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\nvulnerability exists that could cause arbitrary file deletion upon service restart when accessed by\na local and low-privileged attacker.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T05:02:30.242Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-346-03.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-6407",
"datePublished": "2023-12-14T05:02:30.242Z",
"dateReserved": "2023-11-30T09:44:49.961Z",
"dateUpdated": "2026-02-25T16:34:33.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-29413 (GCVE-0-2023-29413)
Vulnerability from cvelistv5 – Published: 2023-04-18 20:50 – Updated: 2025-02-05 20:59
VLAI
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause
Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor
service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GA-01-22320, ≤ prior (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GS-01-22320, ≤ prior (custom) |
Date Public
2023-04-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T20:59:10.323751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:59:20.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GA-01-22320",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GS-01-22320",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause\nDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor\nservice. \n\n \n\n\n\n"
}
],
"value": "\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause\nDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor\nservice. \n\n \n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:50:53.336Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-29413",
"datePublished": "2023-04-18T20:50:53.336Z",
"dateReserved": "2023-04-05T20:35:41.367Z",
"dateUpdated": "2025-02-05T20:59:20.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29412 (GCVE-0-2023-29412)
Vulnerability from cvelistv5 – Published: 2023-04-18 20:50 – Updated: 2025-02-05 21:00
VLAI
Summary
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability exists that could cause remote code execution when manipulating
internal methods through Java RMI interface.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GA-01-22320, ≤ prior (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GS-01-22320, ≤ prior (custom) |
Date Public
2023-04-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:00:28.496674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:00:38.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GA-01-22320",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GS-01-22320",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nCWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command\nInjection\u0027) vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface.\n\n"
}
],
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command\nInjection\u0027) vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:20:18.929Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-29412",
"datePublished": "2023-04-18T20:50:08.288Z",
"dateReserved": "2023-04-05T20:35:41.367Z",
"dateUpdated": "2025-02-05T21:00:38.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29411 (GCVE-0-2023-29411)
Vulnerability from cvelistv5 – Published: 2023-04-18 20:49 – Updated: 2025-02-05 21:22
VLAI
Summary
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GA-01-22320, ≤ prior (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) | Affected: V2.5-GS-01-22320, ≤ prior (custom) |
Date Public
2023-04-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:21:55.206695Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:22:08.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GA-01-22320",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
"vendor": "Schneider Electric",
"versions": [
{
"lessThanOrEqual": "prior",
"status": "affected",
"version": "V2.5-GS-01-22320",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-04-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow\nchanges to administrative credentials, leading to potential remote code execution without\nrequiring prior authentication on the Java RMI interface. \n\n\n\n"
}
],
"value": "\nA CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow\nchanges to administrative credentials, leading to potential remote code execution without\nrequiring prior authentication on the Java RMI interface. \n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T20:49:34.059Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2023-29411",
"datePublished": "2023-04-18T20:49:34.059Z",
"dateReserved": "2023-04-05T20:35:41.367Z",
"dateUpdated": "2025-02-05T21:22:08.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42972 (GCVE-0-2022-42972)
Vulnerability from cvelistv5 – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:06
VLAI
Summary
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022, < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022, < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:18.807602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:37.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42972",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:37.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42970 (GCVE-0-2022-42970)
Vulnerability from cvelistv5 – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:17
Summary
A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022, < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022, < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:56:37.171973Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:17:08.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42970",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:17:08.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42973 (GCVE-0-2022-42973)
Vulnerability from cvelistv5 – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:06
Summary
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022, < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022, < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:52:15.476887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:06:29.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42973",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:06:29.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42971 (GCVE-0-2022-42971)
Vulnerability from cvelistv5 – Published: 2023-02-01 00:00 – Updated: 2025-02-05 20:16
Summary
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version |
|---|---|---|
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GA (custom) |
| Schneider Electric | APC Easy UPS Online Monitoring Software | Affected: (Windows 11, Windows Server 2019, 2022, < V2.5-GA-01-22261 (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 7, 10, 11 Windows Server 2016, 2019, 2022, < V2.5-GS (custom) |
| Schneider Electric | Schneider Electric Easy UPS Online Monitoring Software | Affected: Windows 11, Windows Server 2019, 2022, < V2.5-GS-01-22261 (custom) |
Date Public
2022-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:19:05.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T19:56:34.500669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:16:59.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "APC Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GA-01-22261",
"status": "affected",
"version": "(Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS",
"status": "affected",
"version": "Windows 7, 10, 11 Windows Server 2016, 2019, 2022",
"versionType": "custom"
}
]
},
{
"product": "Schneider Electric Easy UPS Online Monitoring Software",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "V2.5-GS-01-22261",
"status": "affected",
"version": "Windows 11, Windows Server 2019, 2022",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 \u0026 Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-42971",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-02-05T20:16:59.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}