Lucene search
+L

342 matches found

Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.28 views

Schneider Electric APC Easy UPS Online SNMPDBManager Use of Hard-Coded Credentials Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.2AI score0.00163EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.26 views

Schneider Electric APC Easy UPS Online UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. When parsing the filename parameter, the...

9.8CVSS7.6AI score0.01071EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2023/04/26 3:0 a.m.141 views

APC warns about critical vulnerabilities in online UPS monitoring software

In a security notification, APC has warned home and corporate users about critical vulnerabilities in the software used to monitor and control their UPS systems online. APC, which started as the American Power Conversion in 1981, today is a part of Schneider Electric™. APC is an industry leader i...

8.2AI score0.01315EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/04/14 12:0 a.m.21 views

Schneider Electric APC Easy UPS Online SocketService Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SocketService module, which listens on UDP port...

7.5CVSS8.6AI score0.00712EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/04/14 12:0 a.m.26 views

Schneider Electric APC Easy UPS Online updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updateManagerPassword function. The issue results from the...

9.8CVSS9.1AI score0.01315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.5 views

PT-2023-2418 · Schneider +1 · Schneider Ups Monitor Service +1

Name of the Vulnerable Software and Affected Versions: Schneider UPS Monitor service affected versions not specified APC Easy UPS Online Monitoring Software affected versions not specified Description: A Missing Authentication for Critical Function issue exists, which could cause Denial-of-Servic...

10CVSS8.1AI score0.00712EPSS
Exploits0References10
Zero Day Initiative
Zero Day Initiative
added 2023/04/14 12:0 a.m.25 views

Schneider Electric APC Easy UPS Online getMacAddressByIP Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMacAddressByIP function. The issue results from the lack o...

9.8CVSS9.3AI score0.01223EPSS
Exploits0References1
Kitploit
Kitploit
added 2023/03/23 11:30 a.m.113 views

APCLdr - Payload Loader With Evasion Features

Payload Loader With Evasion Features. Features: no crt functions imported indirect syscalls using HellHall api hashing using CRC32 hashing algorithm payload encryption using rc4 - payload is saved in .rsrc Payload injection using APC calls - alertable thread Payload execution using APC - alertabl...

7.9AI score
Exploits0References9
OSV
OSV
added 2023/02/01 4:15 a.m.7 views

CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...

7.8CVSS5.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2023/02/01 4:15 a.m.35 views

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

7.8CVSS7.9AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2023/02/01 4:15 a.m.36 views

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...

9.8CVSS9.7AI score0.01071EPSS
Exploits0References1
NVD
NVD
added 2023/02/01 4:15 a.m.41 views

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...

9.8CVSS9.7AI score0.00712EPSS
Exploits0References1
OSV
OSV
added 2023/02/01 4:15 a.m.4 views

CVE-2022-42970

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...

9.8CVSS5.8AI score0.00712EPSS
Exploits0References1
Prion
Prion
added 2023/02/01 4:15 a.m.20 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows...

7.5CVSS9.6AI score0.00712EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/02/01 4:15 a.m.19 views

Design/Logic Flaw

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...

7.5CVSS9.6AI score0.01071EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/02/01 4:15 a.m.20 views

Hardcoded credentials

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

4.3CVSS7.8AI score0.00163EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2023/02/01 4:15 a.m.18 views

Design/Logic Flaw

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...

4.3CVSS7.8AI score0.00177EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.10 views

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...

9.8CVSS7.5AI score0.01071EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/01 12:0 a.m.7 views

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

7.8CVSS7.8AI score0.00163EPSS
Exploits0References1
CVE
CVE
added 2023/02/01 12:0 a.m.59 views

CVE-2022-42972

Schneider Electric APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software (Safe to say the affected products are APC Easy UPS Online Monitoring Software and Schneider Electric Easy UPS Online Monitoring Software) are impacted by CVE-2022-42972, which is...

7.8CVSS7.6AI score0.00177EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder