2.5Gs0122320

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

schneider-electric

NVD

Published: 2023-12-14

Updated: 2024-11-21

Summary

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

Vulnerable Configurations

Part	Description	Count
Application	Schneider-Electric Schneider Electric Easy UPS Online Monitoring Software 2.5-Gs Schneider Electric Easy UPS Online Monitoring Software 2.5-Gs-01-22320	2
OS	Microsoft Microsoft Windows 10 1507 - Microsoft Windows 11 21H2 - Microsoft Windows Server 2016 - Microsoft Windows Server 2019 - Microsoft Windows Server 2022 -	7

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf