CVE-2023-29412

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_11:-::::::-:
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_11:-::::::-:
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*

History

No history.

Information

Published : 2023-04-18 21:15

Updated : 2024-06-12 13:15

NVD link : CVE-2023-29412

Mitre link : CVE-2023-29412

CVE.ORG link : CVE-2023-29412

JSON object : View

Products Affected

schneider-electric

apc_easy_ups_online_monitoring_software
easy_ups_online_monitoring_software

microsoft

windows_10
windows_server_2022
windows_server_2019
windows_server_2016
windows_11

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-29412", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cybersecurity@se.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-04-18T21:15:09.457", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command\nInjection') vulnerability exists that could cause remote code execution when manipulating\ninternal methods through Java RMI interface."}], "lastModified": "2024-06-12T13:15:49.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D52617D6-0503-4B6B-A59D-441E0D1F4296", "versionEndIncluding": "2.5-ga-01-22320"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", "vulnerable": false, "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1849E03C-445A-4225-AECD-B4A7502F5F3B", "versionEndIncluding": "2.5-gs-01-22320"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:*", "vulnerable": false, "matchCriteriaId": "647F2145-B063-43EA-8045-32D3B4D893F6"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}