Vulnerability Details CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.099
EPSS Ranking 92.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-29411
-
cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:2.5-ga
-
cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:2.5-ga-01-22320
-
cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:2.5-gs
-
cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:2.5-gs-01-22320
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:windows_11:-
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2019:-
-
cpe:2.3:o:microsoft:windows_server_2022:-