CVE-2022-42972

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 69.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider Electric APC Easy UPS Online Monitoring Software Schneider Electric Schneider Electric Easy UPS Online Monitoring Software Schneider-electric APC Easy UPS Online Monitoring Software +1 more

Timeline

PublishedFeb 1

Description

A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDschneider-electric/easy_ups_online_monitoring_software< 2.5-gs-01-22320+1

▶CVEListV5schneider_electric/apc_easy_ups_online_monitoring_softwareWindows 7, 10, 11 Windows Server 2016, 2019, 2022 — V2.5-GA+1

▶NVDschneider-electric/apc_easy_ups_online_monitoring_software< 2.5-ga-01-22320+1

▶CVEListV5schneider_electric/schneider_electric_easy_ups_online_monitoring_softwareWindows 7, 10, 11 Windows Server 2016, 2019, 2022 — V2.5-GS+1

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-gcjp-7fh4-w3cp: A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacke↗2023-02-01

▶

CVEList

CVE-2022-42972: A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacke↗2023-02-01

▶