CVE-2022-22805
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
Existe una vulnerabilidad CWE-120: Copia del búfer sin comprobar el tamaño de la entrada ('Desbordamiento clásico del búfer') que podría causar la ejecución remota de código cuando se reensambla un paquete TLS mal gestionado. Producto afectado: Familia SmartConnect: Serie SMT (SMT Series ID=1015: UPS 04.5 y anteriores), Serie SMC (SMC Series ID=1018: UPS 04.2 y anteriores), Serie SMTL (SMTL Series ID=1026: UPS 02.9 y anteriores), Serie SCL (SCL Series ID=1029: UPS 02. 5 y anteriores / SCL Series ID=1030: UPS 02.5 y anteriores / SCL Series ID=1036: UPS 02.5 y anteriores / SCL Series ID=1037: UPS 03.1 y anteriores), SMX Series (SMX Series ID=1031: UPS 03.1 y anteriores)
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-07 CVE Reserved
- 2022-03-09 CVE Published
- 2024-08-03 CVE Updated
- 2024-11-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2022-067-02 | 2022-05-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Smt Series 1015 Ups Firmware Search vendor "Schneider-electric" for product "Smt Series 1015 Ups Firmware" | <= 04.5 Search vendor "Schneider-electric" for product "Smt Series 1015 Ups Firmware" and version " <= 04.5" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Smt Series 1015 Ups Search vendor "Schneider-electric" for product "Smt Series 1015 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Smc Series 1018 Ups Firmware Search vendor "Schneider-electric" for product "Smc Series 1018 Ups Firmware" | <= 04.2 Search vendor "Schneider-electric" for product "Smc Series 1018 Ups Firmware" and version " <= 04.2" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Smc Series 1018 Ups Search vendor "Schneider-electric" for product "Smc Series 1018 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Smtl Series 1026 Ups Firmware Search vendor "Schneider-electric" for product "Smtl Series 1026 Ups Firmware" | <= 02.9 Search vendor "Schneider-electric" for product "Smtl Series 1026 Ups Firmware" and version " <= 02.9" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Smtl Series 1026 Ups Search vendor "Schneider-electric" for product "Smtl Series 1026 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Scl Series 1029 Ups Firmware Search vendor "Schneider-electric" for product "Scl Series 1029 Ups Firmware" | <= 02.5 Search vendor "Schneider-electric" for product "Scl Series 1029 Ups Firmware" and version " <= 02.5" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Scl Series 1029 Ups Search vendor "Schneider-electric" for product "Scl Series 1029 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Scl Series 1030 Ups Firmware Search vendor "Schneider-electric" for product "Scl Series 1030 Ups Firmware" | <= 02.5 Search vendor "Schneider-electric" for product "Scl Series 1030 Ups Firmware" and version " <= 02.5" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Scl Series 1030 Ups Search vendor "Schneider-electric" for product "Scl Series 1030 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Scl Series 1036 Ups Firmware Search vendor "Schneider-electric" for product "Scl Series 1036 Ups Firmware" | <= 02.5 Search vendor "Schneider-electric" for product "Scl Series 1036 Ups Firmware" and version " <= 02.5" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Scl Series 1036 Ups Search vendor "Schneider-electric" for product "Scl Series 1036 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Scl Series 1037 Ups Firmware Search vendor "Schneider-electric" for product "Scl Series 1037 Ups Firmware" | <= 03.1 Search vendor "Schneider-electric" for product "Scl Series 1037 Ups Firmware" and version " <= 03.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Scl Series 1037 Ups Search vendor "Schneider-electric" for product "Scl Series 1037 Ups" | - | - |
Safe
|
| Schneider-electric Search vendor "Schneider-electric" | Smx Series 1031 Ups Firmware Search vendor "Schneider-electric" for product "Smx Series 1031 Ups Firmware" | <= 03.1 Search vendor "Schneider-electric" for product "Smx Series 1031 Ups Firmware" and version " <= 03.1" | - |
Affected
| in | Schneider-electric Search vendor "Schneider-electric" | Smx Series 1031 Ups Search vendor "Schneider-electric" for product "Smx Series 1031 Ups" | - | - |
Safe
|