First published: Wed Mar 09 2022(Updated: )
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
Credit: cybersecurity@se.com
Affected Software | Affected Version | How to fix |
---|---|---|
Schneider-electric Smt Series 1015 Ups Firmware | <=04.5 | |
Schneider-electric Smt Series 1015 Ups | ||
Schneider-electric Smc Series 1018 Ups Firmware | <=04.2 | |
Schneider-electric Smc Series 1018 Ups | ||
Schneider-electric Smtl Series 1026 Ups Firmware | <=02.9 | |
Schneider-electric Smtl Series 1026 Ups | ||
Schneider-electric Scl Series 1029 Ups Firmware | <=02.5 | |
Schneider-electric Scl Series 1029 Ups | ||
Schneider-electric Scl Series 1030 Ups Firmware | <=02.5 | |
Schneider-electric Scl Series 1030 Ups | ||
Schneider-electric Scl Series 1036 Ups Firmware | <=02.5 | |
Schneider-electric Scl Series 1036 Ups | ||
Schneider-electric Scl Series 1037 Ups Firmware | <=03.1 | |
Schneider-electric Scl Series 1037 Ups | ||
Schneider-electric Smx Series 1031 Ups Firmware | <=03.1 | |
Schneider-electric Smx Series 1031 Ups |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-22805.
The CWE ID for this vulnerability is CWE-120.
The severity rating of CVE-2022-22805 is 9.8 (Critical).
The affected products are SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series, SMTL Series, SCL Series, SCL Series, SCL Series, and SMX Series.
To fix CVE-2022-22805, it is recommended to apply the necessary firmware updates provided by Schneider-electric.