Lucene search

PRIOn knowledge basePRION:CVE-2022-42972

HistoryFeb 01, 2023 - 4:15 a.m.

Design/Logic Flaw

2023-02-0104:15:00

PRIOn knowledge base

www.prio-n.com

cwe-732

incorrect permission assignment

critical resource

local privilege escalation

apc easy ups

schneider electric easy ups

windows 7

windows 10

windows 11

windows server 2016

windows server 2019

windows server 2022

vulnerability

nvd

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

16.1%

JSON

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

CPENameOperatorVersion
apc_easy_ups_online_monitoring_softwareeq< 2.5ga122320
apc_easy_ups_online_monitoring_softwareeq< 2.5-ga
easy_ups_online_monitoring_softwareeq< 2.5gs122320
easy_ups_online_monitoring_softwareeq< 2.5-gs

Name	Operator	Version
apc_easy_ups_online_monitoring_software	eq	< 2.5ga122320
apc_easy_ups_online_monitoring_software	eq	< 2.5-ga
easy_ups_online_monitoring_software	eq	< 2.5gs122320
easy_ups_online_monitoring_software	eq	< 2.5-gs

References

download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf