Lucene search

SchneiderCVELIST:CVE-2023-29412

HistoryApr 18, 2023 - 8:50 p.m.

CVE-2023-29412

2023-04-1820:50:08

CWE-78

schneider

www.cve.org

cve-2023-29412

remote code execution

improper handling

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command
Injection’) vulnerability exists that could cause remote code execution when manipulating
internal methods through Java RMI interface.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "prior",
        "status": "affected",
        "version": "V2.5-GA-01-22320",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "prior",
        "status": "affected",
        "version": "V2.5-GS-01-22320",
        "versionType": "custom"
      }
    ]
  }
]

References

download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

54.9%

JSON

Related for CVELIST:CVE-2023-29412