ICSA-22-347-02 · Published 2022-12-13 · View on CISA ICS-CERT ↗

Schneider Electric APC Easy UPS Online

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could result in unauthenticated remote code execution, unauthenticated password changes, and escalation of privileges.

CVEs (4)

CVE-2022-42970 CVE-2022-42971 CVE-2022-42972 CVE-2022-42973

Remediations

Schneider Electric recommends users to update the affected product to the latest version. See Schneider Electric's security advisory for more information.

Affected Vendors

Schneider Electric Software, LLC

Affected Products (2)

Schneider Electric Software, LLC · APC Easy UPS Online <= 2.5-GA (Windows 7, 10, 11, Windows Server 2016, 2019, 2022)

Schneider Electric Software, LLC · APC Easy UPS Online <= 2.5-GA-01-22261 (Windows 11, Windows Server 2019, 2022)

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more