Multiple vulnerabilities have been discovered in Schneider Electric APC Smart-UPS that could allow for remote code execution. Schneider Electric APC Smart-UPS are devices that protect equipment and provide emergency backup power for mission-critical assets. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of the application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Read more... Cyber Security Advisories - MS-ISAC