Vulnerabilities > CVE-2023-29413 - Unspecified vulnerability in Schneider-Electric products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

schneider-electric

NVD

Published: 2023-04-18

Updated: 2024-11-21

Summary

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric APC Easy UPS Online Monitoring Software 2.5-Ga Schneider Electric APC Easy UPS Online Monitoring Software 2.5-Ga-01-22320 Schneider Electric Easy UPS Online Monitoring Software 2.5-Gs Schneider Electric Easy UPS Online Monitoring Software 2.5-Gs-01-22320	4
OS	Microsoft Microsoft Windows 10 - Microsoft Windows 11 - Microsoft Windows Server 2016 - Microsoft Windows Server 2019 - Microsoft Windows Server 2022 -	5

Summary

Vulnerable Configurations

References