CVE-2023-29411

CRITICAL

APC Easy UPS Online Monitoring Software < 2.5-ga-01-22320 and < 2.5-gs-01-22320 - Remote Code Execution via Java RMI

Title source: llm

Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

References (1)

Core 1

Core References

Mitigation, Patch, Vendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

Scores

CVSS v3 9.8

EPSS 0.0771

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-306

Status published

Products (2)

schneider-electric/apc_easy_ups_online_monitoring_software < 2.5-ga-01-22320

schneider-electric/easy_ups_online_monitoring_software < 2.5-gs-01-22320

Published Apr 18, 2023

Tracked Since Feb 18, 2026