CVE-2023-29412

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

6.2%

top 9.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric APC Easy UPS Online Monitoring Software Schneider-electric Easy UPS Online Monitoring Software

Timeline

PublishedApr 18

Description

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDschneider-electric/easy_ups_online_monitoring_software2.5-gs-01-22320

▶NVDschneider-electric/apc_easy_ups_online_monitoring_software2.5-ga-01-22320

Patches

Patch: download.schneider-electric.com ↗Patch: download.schneider-electric.com ↗

🔴Vulnerability Details

GHSA

GHSA-7p8q-cvq9-54g6: A CWE-78: Improper Handling of Case Sensitivity vulnerability exists that could cause remote code execution when manipulating internal methods through↗2023-04-18

▶

CVEList

CVE-2023-29412: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code e↗2023-04-18

▶