A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause
Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor
service.
References
Link | Resource |
---|---|
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf | Mitigation Patch Vendor Advisory |
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf | Mitigation Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf - Mitigation, Patch, Vendor Advisory |
28 Apr 2023, 13:26
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf - Mitigation, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:-:* cpe:2.3:a:schneider-electric:easy_ups_online_monitoring_software:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* cpe:2.3:a:schneider-electric:apc_easy_ups_online_monitoring_software:*:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* |
18 Apr 2023, 21:25
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-18 21:15
Updated : 2024-11-21 07:57
NVD link : CVE-2023-29413
Mitre link : CVE-2023-29413
CVE.ORG link : CVE-2023-29413
JSON object : View
Products Affected
microsoft
- windows_server_2019
- windows_server_2016
- windows_server_2022
- windows_11
- windows_10
schneider-electric
- apc_easy_ups_online_monitoring_software
- easy_ups_online_monitoring_software
CWE
CWE-306
Missing Authentication for Critical Function