CVE-2022-42973
Schneider Electric APC Easy UPS Online SNMPDBManager Use of Hard-Coded Credentials Local Privilege Escalation Vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the SNMPDBManager class. The issue results from the use of hard-coded credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
*Credits:
rgod
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-17 CVE Reserved
- 2023-02-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga-01-22320 Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga-01-22320" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga-01-22320 Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga-01-22320" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga-01-22320 Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga-01-22320" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2022 Search vendor "Microsoft" for product "Windows Server 2022" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs-01-22320 Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs-01-22320" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs-01-22320 Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs-01-22320" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs-01-22320 Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs-01-22320" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2022 Search vendor "Microsoft" for product "Windows Server 2022" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Apc Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" | < 2.5-ga Search vendor "Schneider-electric" for product "Apc Easy Ups Online Monitoring Software" and version " < 2.5-ga" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2022 Search vendor "Microsoft" for product "Windows Server 2022" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 11 Search vendor "Microsoft" for product "Windows 11" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Easy Ups Online Monitoring Software Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" | < 2.5-gs Search vendor "Schneider-electric" for product "Easy Ups Online Monitoring Software" and version " < 2.5-gs" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2022 Search vendor "Microsoft" for product "Windows Server 2022" | - | - |
Safe
|