Schneider Electric Alert
Warning Date: 13 December, 2022
Severity Level: ● Critical
Warning Number: 2022-5388
Target Sector: All
Schneider Electric has released security updates to address multiple vulnerabilities in the following products:
- APC Easy UPS Online Monitoring Software
  - V2.5-GA and prior (Windows 7, 10, 11, Windows Server 2016, 2019, 2022)
  - V2.5-GA-01-22261 and prior (Windows 11, Windows Server 2019, 2022)
- EcoStruxure Power Commission
  - V2.25 and prior versions
An attacker could exploit these vulnerabilities to achieve the following:
- Remote code execution
- Escalation of privileges
- Authentication bypass
- Unauthorized access and information disclosure
The CERT team encourages users to review the Schneider Electric security advisories and apply the necessary updates:
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-01-APC_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf&_ga=2.70853779.288189773.1670928219-943928184.1670928219
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-347-03_EcoStruxure_Power_Commission_Security_Notification.pdf&_ga=2.105139968.288189773.1670928219-943928184.1670928219