Lucene search

SchneiderCVE-2023-29413

HistoryApr 18, 2023 - 9:15 p.m.

CVE-2023-29413

2023-04-1821:15:09

CWE-306

schneider

web.nvd.nist.gov

schneider

ups

monitor

cwe-306

vulnerability

nvd

cve-2023-29413

authentication

denial-of-service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

43.6%

JSON

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause
Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor
service.

Affected configurations

Nvd

Node

schneider-electricapc_easy_ups_online_monitoring_softwareRange≤2.5-ga-01-22320

AND

microsoftwindows_10Match-

microsoftwindows_11Match--

microsoftwindows_server_2016Match-

microsoftwindows_server_2019Match-

microsoftwindows_server_2022Match-

Node

schneider-electriceasy_ups_online_monitoring_softwareRange≤2.5-gs-01-22320

AND

microsoftwindows_10Match-

microsoftwindows_11Match--

microsoftwindows_server_2016Match-

microsoftwindows_server_2019Match-

microsoftwindows_server_2022Match-

VendorProductVersionCPE
schneider-electricapc_easy_ups_online_monitoring_software*cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_11-cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*
microsoftwindows_server_2016-cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
microsoftwindows_server_2019-cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
microsoftwindows_server_2022-cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*
schneider-electriceasy_ups_online_monitoring_software*cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
schneider-electric	apc_easy_ups_online_monitoring_software	*	cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software::::::::
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_11	-	cpe:2.3:o:microsoft:windows_11:-::::::-:
microsoft	windows_server_2016	-	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
microsoft	windows_server_2019	-	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
microsoft	windows_server_2022	-	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*
schneider-electric	easy_ups_online_monitoring_software	*	cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "prior",
        "status": "affected",
        "version": "V2.5-GA-01-22320",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Schneider Electric Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022)",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "lessThanOrEqual": "prior",
        "status": "affected",
        "version": "V2.5-GS-01-22320",
        "versionType": "custom"
      }
    ]
  }
]