Lucene search
+L

15 matches found

Zero Day Initiative
Zero Day Initiative
added 2023/12/15 12:0 a.m.20 views

Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

5.3CVSS6.6AI score0.00238EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.24 views

Schneider Electric APC Easy UPS Online updatePassword Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the updatePassword function. The issue results from the lack of...

9.8CVSS6.9AI score0.00712EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/05/17 12:0 a.m.28 views

Schneider Electric APC Easy UPS Online SNMPDBManager Use of Hard-Coded Credentials Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

7.8CVSS7.2AI score0.00163EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/18 12:0 a.m.17 views

Schneider Electric Easy UPS Online Monitoring Software 操作系统命令注入漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from the French company Schneider Electric. The Schneider Electric Easy UPS Online Monitoring Software suffers from an operating system command injection vulnerability that stems from a mishandled case-sensitive...

9.8CVSS8.9AI score0.01223EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2023/04/14 12:0 a.m.21 views

Schneider Electric APC Easy UPS Online SocketService Missing Authentication Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SocketService module, which listens on UDP port...

7.5CVSS8.6AI score0.00712EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.5 views

PT-2023-2418 · Schneider +1 · Schneider Ups Monitor Service +1

Name of the Vulnerable Software and Affected Versions: Schneider UPS Monitor service affected versions not specified APC Easy UPS Online Monitoring Software affected versions not specified Description: A Missing Authentication for Critical Function issue exists, which could cause Denial-of-Servic...

10CVSS8.1AI score0.00712EPSS
Exploits0References10
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.37 views

CVE-2022-42972

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 -...

7.8CVSS7.9AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/01 12:0 a.m.27 views

CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA, APC...

7.8CVSS8AI score0.00163EPSS
Exploits0References1
CVE
CVE
added 2023/02/01 12:0 a.m.55 views

CVE-2022-42973

Schneider Electric APC Easy UPS Online Monitoring Software (and APC Easy UPS Online Monitoring Software) versions prior to V2.5-GA, V2.5-GA-01-22261, V2.5-GS, or GS-01-22261 are affected by CVE-2022-42973 (CWE-798): use of hard-coded credentials in the database, enabling local privilege escalatio...

7.8CVSS7.7AI score0.00163EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/02/01 12:0 a.m.11 views

Schneider Electric Easy UPS Online Monitoring Software 代码问题漏洞

Schneider Electric Easy UPS Online Monitoring Software is a power monitoring software from Schneider Electric, a French company. A code issue exists in Schneider Electric Easy UPS Online Monitoring Software that stems from an Unlimited Uploads of Dangerous Types of Files vulnerability that could...

9.8CVSS9.1AI score0.01071EPSS
Exploits0References2
ICS
ICS
added 2022/12/13 12:0 a.m.55 views

Schneider Electric APC Easy UPS Online

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: APC Easy UPS Online Vulnerabilities: Missing Authentication for Critical Function, Unrestricted Upload of File with Dangerous Type, Incorrect Permission Assignment for...

9.8CVSS9.9AI score0.01071EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.6 views

PT-2022-6392 · Schneider Electric · Apc Easy Ups Online Monitoring +1

Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...

7.8CVSS7.8AI score0.00163EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.7 views

PT-2022-5821 · Schneider Electric · Apc Easy Ups Online Monitoring +1

Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...

9.8CVSS9.3AI score0.00712EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2020/08/17 12:0 a.m.32 views

Schneider Electric APC Easy UPS Online FileUploadServlet processRequest Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. When parsing the filename parameter,...

9.8CVSS4.5AI score0.01659EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/08/17 12:0 a.m.25 views

Schneider Electric APC Easy UPS Online SoundUploadServlet processRequest Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SoundUploadServlet class. When parsing the filename parameter...

9.8CVSS4.4AI score0.01659EPSS
Exploits0References1
Rows per page
Query Builder