Every CVE whose affected-product data names Schneider-electric Apc Easy Ups Online Monitoring Software, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-29411 — CVSS 9.8 (critical): A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials…
CVE-2023-29412 — CVSS 9.8 (critical): CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause…
CVE-2022-42971 — CVSS 9.8 (critical): A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker…
CVE-2022-42970 — CVSS 9.8 (critical): A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a…
CVE-2022-42973 — CVSS 7.8 (high): A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to…
CVE-2022-42972 — CVSS 7.8 (high): A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a…
CVE-2023-29413 — CVSS 7.5 (high): A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an…