Vulnerabilities > CVE-2023-29412 - Unspecified vulnerability in Schneider-Electric products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

schneider-electric

critical

NVD

Published: 2023-04-18

Updated: 2024-11-21

Summary

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric APC Easy UPS Online Monitoring Software 2.5-Ga Schneider Electric APC Easy UPS Online Monitoring Software 2.5-Ga-01-22320 Schneider Electric Easy UPS Online Monitoring Software 2.5-Gs Schneider Electric Easy UPS Online Monitoring Software 2.5-Gs-01-22320	4
OS	Microsoft Microsoft Windows 10 - Microsoft Windows 11 - Microsoft Windows Server 2016 - Microsoft Windows Server 2019 - Microsoft Windows Server 2022 -	5

Summary

Vulnerable Configurations

References