Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29411

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

Published

2023-04-18T21:15:09.390

Last Modified

2024-11-21T07:57:00.540

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-306
Type: Primary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	apc_easy_ups_online_monitoring_software	≤ 2.5-ga-01-22320	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_11	-	No
Operating System	microsoft	windows_server_2016	-	No
Operating System	microsoft	windows_server_2019	-	No
Operating System	microsoft	windows_server_2022	-	No
Application	schneider-electric	easy_ups_online_monitoring_software	≤ 2.5-gs-01-22320	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_11	-	No
Operating System	microsoft	windows_server_2016	-	No
Operating System	microsoft	windows_server_2019	-	No
Operating System	microsoft	windows_server_2022	-	No

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf Mitigation, Patch, Vendor Advisory ([email protected])
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)