A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Se...
9.8CVSS
9.5AI Score
0.002EPSS
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to ...
9.8CVSS
9.6AI Score
0.004EPSS
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - V...
7.8CVSS
7.6AI Score
0.0004EPSS
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC E...
7.8CVSS
7.7AI Score
0.0004EPSS
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allowchanges to administrative credentials, leading to potential remote code execution withoutrequiring prior authentication on the Java RMI interface.
9.8CVSS
9.9AI Score
0.002EPSS
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS CommandInjection') vulnerability exists that could cause remote code execution when manipulatinginternal methods through Java RMI interface.
9.8CVSS
9.9AI Score
0.002EPSS
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could causeDenial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitorservice.
7.5CVSS
7.7AI Score
0.001EPSS
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')vulnerability exists that could cause arbitrary file deletion upon service restart when accessed bya local and low-privileged attacker.
7.1CVSS
6.8AI Score
0.001EPSS