Schneider Electric Easy UPS Online Monitoring Software

MonitorCVSS 5.3ICS-CERT ICSA-23-346-01Dec 12, 2023

Schneider ElectricEnergy

Attack path

Attack VectorLocal

Auth RequiredLow

ComplexityHigh

User InteractionNone needed

Summary

Easy UPS Online Monitoring Software contains a path traversal vulnerability (CWE-22) that allows a local user with low privileges to escalate to system privileges and delete arbitrary files. This could disrupt critical power management operations. The vulnerability affects all versions up to and including 2.6-GA-01-23116 running on Windows 10, Windows 11, Windows Server 2016, 2019, and 2022. The product has been discontinued by Schneider Electric in favor of PowerChute Serial Shutdown and PowerChute Network Shutdown alternatives.

What this means

What could happen

An attacker with local access and low-level privileges could delete critical system files on the monitoring workstation, potentially disrupting UPS monitoring and shutdown coordination during power events.

Who's at risk

Energy sector operators responsible for UPS backup power systems who use Schneider Electric Easy UPS Online Monitoring Software on Windows 10, Windows 11, or Windows Server systems (2016, 2019, 2022) to monitor and coordinate automatic shutdowns during power loss.

How it could be exploited

An attacker with local Windows user account access on a machine running Easy UPS Online Monitoring Software can exploit a path traversal flaw to escalate privileges and delete arbitrary files with system permissions. The vulnerability requires local access and is triggered through the monitoring software itself.

Prerequisites

Local user account on Windows machine running Easy UPS Online Monitoring Software version 2.6-GA-01-23116 or earlier
Low privilege (non-admin) account
Ability to interact with the monitoring software

low-complexity exploitationrequires local access (reduces but does not eliminate risk)affects UPS monitoring and graceful shutdown capabilityproduct is discontinued and heading end-of-life

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Easy UPS Online Monitoring (Windows 10, 11, Windows Server 2016, 2019, 2022) prior to 2.6-GA-01-23116<2.6-GA-01-231162.6-GA-01-23116

Easy UPS Online Monitoring Software (Windows 10, 11, Windows Server 2016, 2019, 2022): <=2.6-GA-01-23116≤ 2.6-GA-01-231162.6-GA-01-23248+

Remediation & Mitigation

0/5

Do now

0/1

HARDENINGRestrict local access to monitoring workstations running Easy UPS Online software to authorized personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Easy UPS Online Monitoring Software to version 2.6-GA-01-23248 or later

Long-term hardening

0/3

HARDENINGPlan migration from Easy UPS Online Monitoring Software to PowerChute Serial Shutdown (for serial/USB) or PowerChute Network Shutdown (for network monitoring)

HARDENINGPlace UPS monitoring workstations in locked cabinets or controlled-access rooms to prevent unauthorized local access

HARDENINGIsolate UPS monitoring workstations from business networks using firewalls and network segmentation

CVEs (1)

CVE-2023-6407

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/41a579ba-31f9-4aa8-88fa-b9cb8e0dbb9f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.