CVE-2022-42973 in APC Easy UPS Onlineinfo

Summary

by MITRE • 02/01/2023

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 02/01/2023

The vulnerability described represents a critical security flaw classified under CWE-798, which specifically addresses the use of hard-coded credentials within software applications. This particular weakness manifests in monitoring software designed for uninterruptible power supply systems from both APC and Schneider Electric vendors. The affected products include various Windows operating systems ranging from Windows 7 through Windows 11 and server versions 2016 through 2022, all running software versions prior to their respective secure releases. The presence of hard-coded credentials within these monitoring applications creates a persistent security risk that can be exploited by malicious actors with local access to the system.

The technical implementation of this vulnerability stems from the developers embedding authentication credentials directly into the source code or configuration files of the monitoring software rather than dynamically generating or retrieving them through secure authentication mechanisms. This design flaw allows any local attacker who gains access to the system to potentially extract these hardcoded credentials through various means including static code analysis, memory inspection, or by examining configuration files. The credentials are typically configured with elevated privileges necessary for database operations within the UPS monitoring infrastructure, creating a direct pathway for privilege escalation when an attacker establishes database connections.

The operational impact of this vulnerability extends beyond simple unauthorized access to encompass full system compromise through local privilege escalation. When a local attacker successfully connects to the database using these hard-coded credentials, they can potentially execute commands with elevated privileges that would normally be restricted to authorized administrators. This scenario creates a significant risk for organizations relying on these monitoring systems, as it essentially provides a backdoor mechanism that bypasses normal authentication procedures and could enable attackers to manipulate power supply configurations, access sensitive operational data, or even disrupt critical infrastructure operations. The vulnerability is particularly concerning in enterprise environments where these monitoring tools are deployed across multiple systems.

Security professionals should recognize this issue as aligning with ATT&CK technique T1548.002 which covers "Abuse of Cloud Admin Permissions" and T1078.004 which addresses "Valid Accounts: Local Accounts." The vulnerability creates a persistent threat vector that can be leveraged through local system compromise to gain elevated privileges without requiring additional exploitation techniques. Organizations should immediately implement mitigations including updating to the latest secure versions of the software, reviewing and removing any hard-coded credentials from configuration files, implementing proper credential management practices, and conducting thorough security audits of all monitoring applications within their infrastructure. Additionally, network segmentation and privilege separation measures should be reinforced to limit the potential impact of such vulnerabilities across the enterprise environment.

Reservation

10/17/2022

Disclosure

02/01/2023

Moderation

accepted

CPE

ready

EPSS

0.00163

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!