Vulnerability Description
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schneider-Electric | Easy Ups Online Monitoring Software | < 2.6-ga-01-23248 |
| Microsoft | Windows 10 1507 | - |
| Microsoft | Windows 11 21H2 | - |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows Server 2019 | - |
| Microsoft | Windows Server 2022 | - |
Related Weaknesses (CWE)
References
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocVendor Advisory
- https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocVendor Advisory
FAQ
What is CVE-2023-6407?
CVE-2023-6407 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local an...
How severe is CVE-2023-6407?
CVE-2023-6407 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6407?
Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Easy Ups Online Monitoring Software, Microsoft Windows 10 1507, Microsoft Windows 11 21H2, Microsoft Windows Server 2016, Microsoft Windows Server 2019.