Vulnerability Details CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.078
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-29411
-
cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:2.5-ga
-
cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:2.5-ga-01-22320
-
cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:2.5-gs
-
cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:2.5-gs-01-22320
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_11:-
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2019:-
-
cpe:2.3:o:microsoft:windows_server_2022:-