CVE-2023-6407

MEDIUM 5.3

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

CWE	CWE-22
Vendor	schneider electric
Product	easy ups online monitoring software
Published	Dec 14, 2023
Last Updated	Feb 25, 2026

Stay Ahead of the Next One

Get instant alerts for schneider electric easy ups online monitoring software

Be the first to know when new medium vulnerabilities affecting schneider electric easy ups online monitoring software are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Affected Versions

Schneider Electric / Easy UPS Online Monitoring Software

2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

download.schneider-electric.com: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-346-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-346-03.pdf