20 matches found
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
EUVD-2022-15790
Malicious code in bioql PyPI...
APC Smart-UPS Authentication Bypass (CVE-2022-22806)
An authentication bypass vulnerability exists in APC Smart-UPS. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS...
Buffer Overflow Vulnerability in Various Schneider Electric Products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
Authentication Error Vulnerability in Various Schneider Electric Products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. The Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network equipment. The Schneide...
Authentication bypass vulnerability in several Schneider Electric products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
Authentication flaw
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
CVE-2022-22805
CVE-2022-22805 is a TLS buffer overflow vulnerability in APC Schneider Electric Smart-UPS devices using SmartConnect TLS; impact is remote code execution via unauthenticated network packets during TLS reassembly. Affected lines include SmartConnect SMT, SMC, SMTL, SCL, SMX series (various IDs up ...
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...
Data Forgery Vulnerability in Various Schneider Electric Products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. The Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network equipment. The Schneide...
Authorization Issue Vulnerability in Various Schneider Electric Products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
PT-2022-1931 · Apc · Apc Smart-Ups Family +1
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS Family: SMT Series versions 09.8 and prior APC Smart-UPS Family: SMT Series versions 01.2 and prior APC Smart-UPS Family: SMT Series versions 03.1 and prior APC Smart-UPS Family: SMC Series versions 14.1 and prior APC Smart-UPS...
PT-2022-1801 · Apc · Apc Smart-Ups Smc Series +1
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS SMT Series versions 04.5 and prior APC Smart-UPS SMC Series versions 04.2 and prior APC Smart-UPS SMTL Series versions 02.9 and prior APC Smart-UPS SCL Series versions 02.5 and prior APC Smart-UPS SCL Series versions 03.1 and...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
PT-2022-9285 · Apc · Apc Rack Power Distribution Units +19
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2) versions 6.9.8 and earlier APC Symmetra PX 250/500 SYPX Network Management Card 2 (NMC2) versions 6.9.6 and earlier APC Symmetra PX 48/96/100/160 kW UPS PX2, Symmetra ...
APC UPS Daemon 3.14.14 Privilege Escalation
Credits: fragsh3ll aka Richard Young + Contact: https://twitter.com/fragsh3ll Vendor ========== http://www.apcupsd.org Product =========== APC UPS Daemon = 3.14.14 Vulnerability Type ===================== Privilege Escalation Vendor Description ===================== Apcupsd can be used for power...