virus logo OT Vulnerability Protection

Schneider.Electric.APC.Easy.UPS.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Schneider Electric APC Easy UPS Online Monitoring Software.
The vulnerability is due to improper handling of user-supplied input. A remote, authenticated attacker could exploit the vulnerability by sending a crafted request to the target application. Successful exploitation could lead to arbitrary code execution in the context of the application.

affected-products-logoAffected Products

Schneider Electric APC Easy UPS Online Monitoring Software V2.5-GS-01-22320 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

Coverage

OT Security DB

Version Updates

Date Version Status Detail
2024-02-13 26.732
Modified
 Name:SE.
APC.
Easy.
UPS.
Online.
Monitoring.
Software.
RCE:Schneider.
Electric.
APC.
Easy.
UPS.
Code.
Execution
2023-05-23 23.559
Modified
 Sig Added
2023-05-16 23.555
Modified
 Default_action:pass:drop
2023-05-02 23.544
Modified
 Sig Added
ID 52907
Created Apr 27, 2023
Updated Feb 09, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Exploit Prediction Score 6.16%
Default Action drop
Active
Affected OS Windows
Affected App SCADA
Profile Type Permission/Privilege/Access Control