SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the batchForceLogout operation, accessible via the /monitor/online/batchForceLogout endpoint. A user can bypass authorization controls to force another user offline by supplying a different user's ID in the ids...

CVE-2024-12814

creationtimestamp| type| source ---|---|--- 2024-12-24 07:05:32+00:00| seen| https://infosec.exchange/users/cve/statuses/113706528430346312 2024-12-24 07:15:25+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldzvkbckwp2k 2024-12-24 09:23:07+00:00| seen|...

Vulnerabilities fixed in APC Easy UPS Online. Monitoring

APC has fixed vulnerabilities in Easy UPS Online Monitoring. A malicious party could exploit the vulnerabilities to cause a denial-of-service, or to execute arbitrary code execute with the victim's privileges. Because the online monitoring software is used by administrators, it is likely that cod...

Schneider Electric APC Easy UPS Online Monitoring Software (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity/Public exploits available Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software Vulnerability: OS Command Injection, Missing Authentication for Critical Function 2. RISK...

Schneider Electric Easy UPS Online Monitoring Software 操作系统命令注入漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an operating system command injection vulnerability that stems from a mishandled case-sensitive...

Schneider Electric Easy UPS Online Monitoring Software 访问控制错误漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an Access Control Error vulnerability that stems from a lack of authenticati...

PT-2023-2418 · Schneider +1 · Schneider Ups Monitor Service +1

Name of the Vulnerable Software and Affected Versions: Schneider UPS Monitor service affected versions not specified APC Easy UPS Online Monitoring Software affected versions not specified Description: A Missing Authentication for Critical Function issue exists, which could cause Denial-of-Servic...

CVE-2022-42973

Schneider Electric APC Easy UPS Online Monitoring Software (and APC Easy UPS Online Monitoring Software) versions prior to V2.5-GA, V2.5-GA-01-22261, V2.5-GS, or GS-01-22261 are affected by CVE-2022-42973 (CWE-798): use of hard-coded credentials in the database, enabling local privilege escalatio...

Schneider Electric Easy UPS Online Monitoring Software 信任管理问题漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric France. Schneider Electric Easy UPS Online Monitoring Software suffers from a trust management issue vulnerability that stems from a use of hard-coded credentials vulnerability that could...

CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...

CVE-2022-42972

Schneider Electric APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software (Safe to say the affected products are APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software) are impacted by CVE-2022-42972, which is...

Schneider Electric Easy UPS Online Monitoring Software 安全漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric, a French company. A security vulnerability exists in Schneider Electric Easy UPS Online Monitoring Software, which stems from a Critical Resource Privilege Assignment Incorrect...

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

The vulnerability of the APC Easy UPS Online Monitoring Software lies in the lack of authentication for a critical function, allowing attackers to gain access to the software.

The vulnerability of the APC Easy UPS Online Monitoring Software relates to the absence of authentication for a critical function. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the software...

PT-2022-5821 · Schneider Electric · Apc Easy Ups Online Monitoring +1

Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...

Jiangsu Sanxi Technology Co., Ltd. pollution source online monitoring management system has information leakage vulnerability

Ltd. is a professional provider of software and hardware total solutions in the field of environmental automatic monitoring and industrial process control. Ltd. pollution source online monitoring management system information leakage vulnerability, attackers can use the vulnerability to obtain...

SQL Injection Vulnerability in the Background of DAS System for Online Monitoring of Key Pollution Sources

Sichuan Qinghe Technology Co., Ltd. was registered on April 9, 2007 in Chengdu High-tech Industrial and Commercial Bureau. Legal representative Li Jian, the company's scope of business includes computer hardware and software development, sales; monitoring equipment installation, sales and so on...

Stored Cross-site Scripting Vulnerability in Pollution Source Online Monitoring System of Beijing Wanwei Yingchuang Technology Development Co.

Beijing Wanwei Yingchuang Technology Development Co., Ltd. is committed to the research, development and application of products and technologies in the field of environmental protection Internet of Things. A stored cross-site scripting vulnerability exists in the online pollution source monitori...

SQL Injection Vulnerability in Pollution Source Online Monitoring System of Beijing Wanwei Yingchuang Technology Development Co.

Beijing Wanwei Yingchuang Technology Development Co., Ltd. was founded in 2004, the company to "Internet + environmental protection" as the main line. There is a SQL injection vulnerability in the online monitoring system of Beijing Wanwei Yingchuang Technology Development Co., Ltd. that can be...