CVE-2022-22805

2022-03-0919:30:16

CWE-120

schneider

www.cve.org

10 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

A CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CNA Affected

[
  {
    "product": "SmartConnect ",
    "vendor": "Schneider Electric",
    "versions": [
      {
        "status": "affected",
        "version": "SMT Series "
      },
      {
        "status": "affected",
        "version": "SMC Series"
      },
      {
        "status": "affected",
        "version": "SMTL Series"
      },
      {
        "status": "affected",
        "version": "SCL Series"
      },
      {
        "status": "affected",
        "version": "SMX Series"
      }
    ]
  }
]

References

www.se.com/ww/en/download/document/SEVD-2022-067-02/