all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

ZDI-23-638: Schneider Electric APC Easy UPS Online SNMPDBManager Use of Hard-Coded Credentials Local Privilege Escalation Vulnerability

Add to bookmarks
May 17, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows local attackers to escalate privileges on affected installations of Schneider Electric APC Easy UPS Online. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

apc attackers code credentials easy electric escalation exploit hard hard-coded credentials local local privilege escalation low order privilege privileged privilege escalation privileges schneider schneider electric system target ups vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-454: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com
access access rights attackers authentication +18
ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com
arbitrary code attackers code code execution +15
ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability 1 day, 23 hours ago | www.zerodayinitiative.com
access access rights arbitrary code attackers +20
ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +14
ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +14
ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +16
ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com
0day attackers authentication authentication bypass +12
ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com
0day arbitrary code attackers authentication +17
ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability 2 days, 23 hours ago | www.zerodayinitiative.com
0day attackers authentication cgi +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Brand Experience and Development Associate (Libby's Pumpkin)

@ Nestlé | Arlington, VA, US, 22209
View on infosec-jobs.com

Cybersecurity Analyst

@ L&T Technology Services | Milpitas, CA, US
View on infosec-jobs.com

Information Security Analyst

@ Fortinet | Burnaby, BC, Canada
View on infosec-jobs.com