CVE-2023-29412

Summary

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricAPC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)V2.5-GA-01-22320 <= prioraffected
Schneider ElectricSchneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)V2.5-GS-01-22320 <= prioraffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References