Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29412

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

Published

2023-04-18T21:15:09.457

Last Modified

2024-11-21T07:57:00.663

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schneider-electric	apc_easy_ups_online_monitoring_software	≤ 2.5-ga-01-22320	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_11	-	No
Operating System	microsoft	windows_server_2016	-	No
Operating System	microsoft	windows_server_2019	-	No
Operating System	microsoft	windows_server_2022	-	No
Application	schneider-electric	easy_ups_online_monitoring_software	≤ 2.5-gs-01-22320	Yes
Operating System	microsoft	windows_10	-	No
Operating System	microsoft	windows_11	-	No
Operating System	microsoft	windows_server_2016	-	No
Operating System	microsoft	windows_server_2019	-	No
Operating System	microsoft	windows_server_2022	-	No

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf Mitigation, Patch, Vendor Advisory ([email protected])
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)