Vulnerabilities > Schneider Electric > APC Easy UPS Online Monitoring Software > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2023-04-18	CVE-2023-29412	Unspecified vulnerability in Schneider-Electric products CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. network low complexity schneider-electric critical	9.8
2023-04-18	CVE-2023-29411	Missing Authentication for Critical Function vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface. network low complexity schneider-electric CWE-306 critical	9.8
2023-02-01	CVE-2022-42971	Unrestricted Upload of File with Dangerous Type vulnerability in Schneider-Electric products A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. network low complexity schneider-electric CWE-434 critical	9.8
2023-02-01	CVE-2022-42970	Unspecified vulnerability in Schneider-Electric products A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. network low complexity schneider-electric critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.