Get in Touch
Critical RCE flaw detected in APC software
APC products are widely used in the following industry sectors:
The APC Easy UPS Online Monitoring Software has been reported as being vulnerable to an unauthenticated arbitrary remote code execution flaw, which allows threat actors to hijack target devices, potentially leading to the disabling their functionality.
Three separate vulnerabilities were disclosed by APC:
CVE-2023-29411 (CVSS v3.1 score: 9.8, “Critical”): Missing authentication for critical function vulnerability
CVE-2023-29412 (CVSS v3.1 score: 9.8, “Critical”): Improper handling of case sensitivity vulnerability
CVE-2023-29413 (CVSS v3.1 score: 7.5, “High”): Missing authentication for critical function vulnerability
– CVE-2023-29411: Successful exploitation of this vulnerability would allow a threat actor to modify administrator credentials and execute arbitrary code on the Java RMI interface
– CVE-2023-29412: Successful exploitation of this vulnerability would allow a threat actor to execute arbitrary code when manipulating internal methods through the Java RMI interface
– CVE-2023-29413: Successful exploitation of this vulnerability would allow a threat actor to apply a denial-of-service (DoS) condition
APC has released a security patch for the vulnerability of the respective product version. As such, previous versions are vulnerable to potential exploit.
– APC Easy UPS Online Monitoring Software v2.5-GA-01-22320 and prior
– Schneider Electric Easy UPS Online Monitoring Software v2.5-GA-01-22320 and prior
The vulnerabilities reported on affect the following Windows versions:
– Windows 10
– Windows 11
– Windows Server 2016
– Windows Server 2019
– Windows Server 2022
Containment, Mitigations & Remediations
It is strongly recommended that users of the impacted software versions upgrade to V2.5-GS-01-23036 or later.
At the time of writing, the only mitigation for customers with direct access to their Easy UPS units is to upgrade to the PowerChute Serial Shutdown (PCSS) software suite on all servers protected by Easy UPS OnLine (SRV, SRVL models). The vendor has also recommended the following mitigation steps to be adhered to:
– Ensure that mission-critical internet-connected devices are behind firewalls
– Use VPNs for remote access
– Implement strict physical access controls
– Avoid leaving devices in “Program” mode.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available at this time.
No attribution to specific threat actors or groups has been identified at the time of writing.
Common Weakness Enumeration:
CWE-306 – Missing Authentication for Critical Function
CWE-78 – Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)