Fortinet Discovers Schneider Electric Smart-UPS SRT 5000 Role Misconfiguration Vulnerability
Fortinet's FortiGuard Labs has discovered a Role Misconfiguration vulnerability in Schneider Electric Smart-UPS SRT 5000.
Schneider Electric Smart-UPS provides intelligent and efficient network power protection, from entry level to scalable runtime.
The vulnerability is caused by insufficient user permissions in Smart-UPS SRT 5000. Upon successful exploitation, it allows attackers to demote the superuser role.
Users should apply the solution provided by Schneider Electric.
The vulnerability affected Schneider Electric Smart-UPS SRT 5000 Network Management Card 2 (NMC2) version 6.9.6 and earlier.
Fortinet reported the vulnerability to Schneider Electric on 12th January, 2021.
Schneider Electric confirmed the vulnerability on 20th January, 2021.
Schneider Electric released a patch for the vulnerability on 9th November, 2021.