QID 591411

Date Published: 2023-04-10

QID 591411: Schneider Electric APC Easy UPS Online Monitoring Software Multiple Vulnerabilities (SEVD-2022-347-01 V2.0)

The following versions of APC Easy UPS Online Monitoring Software are affected:
Version prior to V2.5-GA-01-22320

QID Detection Logic (Authenticated)
QID checks for the Vulnerable version using windows registry keys uninstall string.

Successful exploitation of this vulnerability could lead to local privilege escalation.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Medium - 4.6 severity.
  • Solution

    Customers are advised to refer to CERT MITIGATIONS section SEVD-2022-347-01 (V2.0) for affected packages and patching details.

    CVEs related to QID 591411

    Software Advisories
    Advisory ID Software Component Link
    SEVD-2022-347-01 (V2.0) URL Logo download.schneider-electric.com/files?p_Doc_SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf