Lucene search
06fe5fd2bc53027c4a3b7e395af0b850e7b8a044ZDI-23-1794HistoryDec 15, 2023 - 12:00 a.m.
Schneider Electric APC Easy UPS Online deletePdfReportFile Directory Traversal Denial-of-Service Vulnerability
2023-12-1500:00:00
06fe5fd2bc53027c4a3b7e395af0b850e7b8a044
www.zerodayinitiative.com
9
schneider electric
apc easy ups online
directory traversal
denial-of-service
vulnerability
file operations
user-supplied path
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the deletePdfReportFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Related
nvd
nvd
CVE-2023-6407
2023-12-14 05:15:14
cve
cve
CVE-2023-6407
2023-12-14 05:15:14
prion
prion
Path traversal
2023-12-14 05:15:00
cvelist
cvelist
CVE-2023-6407
2023-12-14 05:02:30
ics
ics
Schneider Electric Easy UPS Online Monitoring Software
2023-12-12 12:00:00
Schneider Electric Easy UPS Online Monitoring Software
2023-12-12 12:00:00