Apc: Security Vulnerabilities
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.
CVSS Score
5.0
EPSS Score
0.006
Published
2002-12-31
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
CVSS Score
5.0
EPSS Score
0.047
Published
2001-08-22
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
CVSS Score
2.1
EPSS Score
0.004
Published
2001-02-16
The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access.
CVSS Score
9.0
EPSS Score
0.008
Published
2000-12-31
Page 2