CVE-2023-29411

Summary

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricAPC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)V2.5-GA-01-22320 <= prioraffected
Schneider ElectricSchneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)V2.5-GS-01-22320 <= prioraffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References