CVE-2023-29413

CWE-306Missing Authentication3 documents3 sources
Severity
7.5HIGH
EPSS
0.4%
top 40.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Schneider-electric APC Easy UPS Online Monitoring SoftwareSchneider-electric Easy UPS Online Monitoring Software
Timeline
PublishedApr 18

Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Patches

Patch: download.schneider-electric.comPatch: download.schneider-electric.com

🔴Vulnerability Details

2
CVEList
CVE-2023-29413: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated us2023-04-18
GHSA
GHSA-vpvq-q686-fm5g: A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated us2023-04-18
CVE-2023-29413 (HIGH CVSS 7.5) | A CWE-306: Missing Authentication f | cvebase.io