PT-2022-6392 · Schneider Electric · Apc Easy Ups Online Monitoring+1
Published: 2022-12-13 · Updated: 2023-05-17 · CVE-2022-42973
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
APC Easy UPS Online Monitoring Software versions prior to V2.5-GA
APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261
Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS
Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS-01-22261
Description
A Use of Hard-coded Credentials issue exists that could cause local privilege escalation when a local attacker connects to the database. This could allow an attacker to gain unauthorized access to the target system.
Recommendations
For APC Easy UPS Online Monitoring Software versions prior to V2.5-GA, update to version V2.5-GA or later.
For APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261, update to version V2.5-GA-01-22261 or later.
For Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS, update to version V2.5-GS or later.
For Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS-01-22261, update to version V2.5-GS-01-22261 or later.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Apc Easy Ups Online Monitoring
Schneider Electric Easy Ups Online Monitoring