CVE-2023-29412

CVE Database · CVE-2023-29412

CVE-2023-29412

· CRITICALModified

CVSS v3.1

9.8

EPSS

1.22%

Published

Apr 18, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78

Affected Products (12)

schneider-electric · apc_easy_ups_online_monitoring_softwarevulnerable

microsoft · windows_10

microsoft · windows_11

microsoft · windows_server_2016

microsoft · windows_server_2019

microsoft · windows_server_2022

schneider-electric · easy_ups_online_monitoring_softwarevulnerable

microsoft · windows_10

microsoft · windows_11

microsoft · windows_server_2016

microsoft · windows_server_2019

microsoft · windows_server_2022

References (2)

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

MitigationPatchVendor Advisory

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf

MitigationPatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs