A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Information
Published : 2023-01-31 20:15
Updated : 2023-02-08 11:40
NVD link : CVE-2022-42972
Mitre link : CVE-2022-42972
JSON object : View
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource
Products Affected
microsoft
- windows_7
- windows_server_2016
- windows_server_2019
- windows_server_2022
- windows_10
- windows_11
schneider-electric
- easy_ups_online_monitoring_software
- apc_easy_ups_online_monitoring_software