9.8
CVE-2022-22805
- EPSS 13.44%
- Published 09.03.2022 20:15:08
- Last modified 21.11.2024 06:47:28
- Source cybersecurity@se.com
- Teams watchlist Login
- Open Login
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)Data is provided by the National Vulnerability Database (NVD)
Schneider-electric ≫ Smt Series 1015 Ups Firmware Version <= 04.5
Schneider-electric ≫ Smc Series 1018 Ups Firmware Version <= 04.2
Schneider-electric ≫ Smtl Series 1026 Ups Firmware Version <= 02.9
Schneider-electric ≫ Scl Series 1029 Ups Firmware Version <= 02.5
Schneider-electric ≫ Scl Series 1030 Ups Firmware Version <= 02.5
Schneider-electric ≫ Scl Series 1036 Ups Firmware Version <= 02.5
Schneider-electric ≫ Scl Series 1037 Ups Firmware Version <= 03.1
Schneider-electric ≫ Smx Series 1031 Ups Firmware Version <= 03.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.44% | 0.94 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.