Multiple vulnerabilities in Schneider Electric APC Easy UPS Online
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-42970 CVE-2022-42971 CVE-2022-42972 CVE-2022-42973 |
| CWE-ID | CWE-306 CWE-434 CWE-732 CWE-798 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
APC Easy UPS Online Other software / Other software solutions |
| Vendor | Schneider Electric |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Missing Authentication for Critical Function
EUVDB-ID: #VU70323
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42970
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to missing authentication for the updatePassword endpoint implemented in the LoginAction.updatePassword method. A remote attacker can bypass authentication process and modify administrator passwords.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAPC Easy UPS Online: 2.5-GA - 2.5-GA-01-22261
CPE2.3- cpe:2.3:a:schneider_electric:apc_easy_ups_online:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA-01-22261:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-347-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Arbitrary file upload
EUVDB-ID: #VU70324
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-42971
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload within the UpLoadAction.execute method. A remote attacker can upload a malicious file and execute it on the server.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAPC Easy UPS Online: 2.5-GA - 2.5-GA-01-22261
CPE2.3- cpe:2.3:a:schneider_electric:apc_easy_ups_online:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA-01-22261:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-347-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect permission assignment for critical resource
EUVDB-ID: #VU70326
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42972
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the affected application runs the Tomcat instance with SYSTEM privileges. A local user can use a specially crafted JSP file to escalate privileges and execute commands with system privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAPC Easy UPS Online: 2.5-GA - 2.5-GA-01-22261
CPE2.3- cpe:2.3:a:schneider_electric:apc_easy_ups_online:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA-01-22261:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-347-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use of hard-coded credentials
EUVDB-ID: #VU70327
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-42973
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded MySQL database credentials in application code. A local user can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAPC Easy UPS Online: 2.5-GA - 2.5-GA-01-22261
CPE2.3- cpe:2.3:a:schneider_electric:apc_easy_ups_online:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA:*:*:*:*:*:*:*
- cpe:2.3:a:schneider_electric:apc_easy_ups_online:2.5-GA-01-22261:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-22-347-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
