The Schneider Electric APC Easy UPS Online Monitoring Software running on the remote host is missing authentication for critical functions. An unauthenticated, remote attacker can exploit this, via specially crafted messages, to invoke methods of remote Java objects via RMI.
Binary data schneider_electric_ups_monitoring_software_unauth_rmi.nbin
Vendor | Product | Version | CPE |
---|---|---|---|
schneider-electric | apc_easy_ups_online_software | cpe:/o:schneider-electric:apc_easy_ups_online_software |