Apc: >> Powerchute Security Vulnerabilities
Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event.
CVSS Score
8.8
EPSS Score
0.016
Published
2020-08-31
Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2011-12-07
Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors.
CVSS Score
5.0
EPSS Score
0.019
Published
2004-12-31
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory.
CVSS Score
5.0
EPSS Score
0.004
Published
2002-12-31
The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access.
CVSS Score
9.0
EPSS Score
0.007
Published
2000-12-31