CVE-2023-29411

CVE Database · CVE-2023-29411

CVE-2023-29411

· CRITICALModified

CVSS v3.1

9.8

EPSS

1.31%

Published

Apr 18, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (12)

schneider-electric · apc_easy_ups_online_monitoring_softwarevulnerable

microsoft · windows_10

microsoft · windows_11

microsoft · windows_server_2016

microsoft · windows_server_2019

microsoft · windows_server_2022

schneider-electric · easy_ups_online_monitoring_softwarevulnerable

microsoft · windows_10

microsoft · windows_11

microsoft · windows_server_2016

microsoft · windows_server_2019

microsoft · windows_server_2022

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

MitigationPatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

MitigationPatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs