22 matches found
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
EUVD-2022-15790
Malicious code in bioql PyPI...
APC Smart-UPS Authentication Bypass (CVE-2022-22806)
An authentication bypass vulnerability exists in APC Smart-UPS. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Department of Energy DoE are jointly warning of attacks against internet-connected uninterruptible power supply UPS devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS...
The vulnerability of Microprogrammed Software Sources for APC Smart-UPS battery backup systems of the SMT, SMC, SMTL, SCL, SMX series is related to errors in processing TLS packets. This vulnerability allows a hacker to execute arbitrary code.
The vulnerability of Microprogrammed Software Sources for APC Smart-UPS battery backup systems of the SMT, SMC, SMTL, SCL, and SMX series is related to errors in processing TLS packets. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of microprogrammed software in APC Smart-UPS power supply models of the SMT, SMC, SMTL, SCL, SMX series is related to errors during the authentication process. This allows a perpetrator to execute arbitrary code.
The vulnerability of microprogrammed software in APC Smart-UPS power supplies of the SMT, SMC, SMTL, SCL, and SMX series is related to errors during the authentication process. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
Authentication Error Vulnerability in Various Schneider Electric Products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. The Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network equipment. The Schneide...
Buffer Overflow Vulnerability in Various Schneider Electric Products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
Authentication bypass vulnerability in several Schneider Electric products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
Authentication flaw
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
CVE-2022-22805
CVE-2022-22805 is a TLS buffer overflow vulnerability in APC Schneider Electric Smart-UPS devices using SmartConnect TLS; impact is remote code execution via unauthenticated network packets during TLS reassembly. Affected lines include SmartConnect SMT, SMC, SMTL, SCL, SMX series (various IDs up ...
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...
Schneider Electric 多款产品授权问题漏洞
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
多款Schneider Electric产品数据伪造问题漏洞
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. The Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network equipment. The Schneide...
PT-2022-1931 · Apc · Apc Smart-Ups Family +1
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS Family: SMT Series versions 09.8 and prior APC Smart-UPS Family: SMT Series versions 01.2 and prior APC Smart-UPS Family: SMT Series versions 03.1 and prior APC Smart-UPS Family: SMC Series versions 14.1 and prior APC Smart-UPS...
PT-2022-1801 · Apc · Apc Smart-Ups Smc Series +1
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS SMT Series versions 04.5 and prior APC Smart-UPS SMC Series versions 04.2 and prior APC Smart-UPS SMTL Series versions 02.9 and prior APC Smart-UPS SCL Series versions 02.5 and prior APC Smart-UPS SCL Series versions 03.1 and...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...