The Schneider Electric APC Easy UPS Online Monitoring Software running on the remote host is missing authentication for critical functions. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to change the application’s Administrator password.
Binary data schneider_electric_ups_monitoring_software_cve-2022-42970.nbin