Schneider-Electric: >> Apc Easy Ups Online Monitoring Software >> 2.5-ga-01-22320 Security Vulnerabilities
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow
changes to administrative credentials, leading to potential remote code execution without
requiring prior authentication on the Java RMI interface.
CVSS Score
9.8
EPSS Score
0.06
Published
2023-04-18
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection') vulnerability exists that could cause remote code execution when manipulating
internal methods through Java RMI interface.
CVSS Score
9.8
EPSS Score
0.047
Published
2023-04-18
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause
Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor
service.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-04-18