CVE-2022-22805

Published: Mar 9, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Affected (8)

Products: Schneider Electric: Smt Series 1015 Ups Firmware, Smc Series 1018 Ups Firmware, Smtl Series 1026 Ups Firmware, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups Firmware, Scl Series 1036 Ups Firmware, Scl Series 1037 Ups Firmware, Smx Series 1031 Ups Firmware

Schneider Electric

8 products

Smt Series 1015 Ups Firmware

Smc Series 1018 Ups Firmware

Smtl Series 1026 Ups Firmware

Scl Series 1029 Ups Firmware

Scl Series 1030 Ups Firmware

Scl Series 1036 Ups Firmware

Scl Series 1037 Ups Firmware

Smx Series 1031 Ups Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smt Series 1015 Ups Firmware	Up to 04.5

Running on/with	Platform Versions
Schneider Electric Smt Series 1015 Ups	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smc Series 1018 Ups Firmware	Up to 04.2

Running on/with	Platform Versions
Schneider Electric Smc Series 1018 Ups	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smtl Series 1026 Ups Firmware	Up to 02.9

Running on/with	Platform Versions
Schneider Electric Smtl Series 1026 Ups	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1029 Ups Firmware	Up to 02.5

Running on/with	Platform Versions
Schneider Electric Scl Series 1029 Ups	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1030 Ups Firmware	Up to 02.5

Running on/with	Platform Versions
Schneider Electric Scl Series 1030 Ups	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1036 Ups Firmware	Up to 02.5

Running on/with	Platform Versions
Schneider Electric Scl Series 1036 Ups	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1037 Ups Firmware	Up to 03.1

Running on/with	Platform Versions
Schneider Electric Scl Series 1037 Ups	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smx Series 1031 Ups Firmware	Up to 03.1

Running on/with	Platform Versions
Schneider Electric Smx Series 1031 Ups	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.