CVE-2023-29413

Summary

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

Affected Software

VendorProductVersion RangeStatus
Schneider ElectricAPC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)V2.5-GA-01-22320 <= prioraffected
Schneider ElectricSchneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)V2.5-GS-01-22320 <= prioraffected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References