CVE-2023-29411
First published: Tue Apr 18 2023(Updated: )
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.
Credit: cybersecurity@se.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Schneider-electric Apc Easy Ups Online Monitoring Software | <=2.5-ga-01-22320 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 11 | ||
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Microsoft Windows Server 2022 | ||
| Schneider-electric Easy Ups Online Monitoring Software | <=2.5-gs-01-22320 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-29411.
What is the severity of CVE-2023-29411?
The severity of CVE-2023-29411 is critical with a severity value of 9.8.
How does CVE-2023-29411 impact Schneider Electric APC Easy UPS Online Monitoring Software?
CVE-2023-29411 impacts Schneider Electric APC Easy UPS Online Monitoring Software versions up to 2.5-ga-01-22320 by allowing changes to administrative credentials without requiring prior authentication on the Java RMI interface, potentially leading to remote code execution.
Is Microsoft Windows 10 affected by CVE-2023-29411?
No, Microsoft Windows 10 is not vulnerable to CVE-2023-29411.
Is there a fix available for CVE-2023-29411?
Yes, a fix is available. Refer to the security and safety notice linked in the references for more information.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/schneider-electric
- canonical/schneider-electric apc easy ups online monitoring software
- version/schneider-electric apc easy ups online monitoring software/2.5-ga-01-22320
- vendor/microsoft
- canonical/microsoft windows 10
- canonical/microsoft windows 11
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- canonical/microsoft windows server 2022
- canonical/schneider-electric easy ups online monitoring software
- version/schneider-electric easy ups online monitoring software/2.5-gs-01-22320