Lucene search
K

48 matches found

NVD
NVD
added 2022/03/09 8:15 p.m.23 views

CVE-2022-22805

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SM...

9.8CVSS0.11668EPSS
Exploits0References1
OSV
OSV
added 2022/03/09 8:15 p.m.6 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.8CVSS7.5AI score0.1226EPSS
Exploits0References1
OSV
OSV
added 2022/03/09 8:15 p.m.4 views

CVE-2022-22805

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SM...

9.8CVSS6.3AI score0.11668EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/09 8:15 p.m.6 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.8CVSS7.5AI score0.1226EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/03/09 8:15 p.m.16 views

CVE-2022-22805

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SM...

9.8CVSS8AI score0.11668EPSS
Exploits0References3
NVD
NVD
added 2022/03/09 8:15 p.m.20 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.8CVSS0.1226EPSS
Exploits0References1
Prion
Prion
added 2022/03/09 8:15 p.m.18 views

Buffer overflow

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SM...

7.5CVSS9.6AI score0.11668EPSS
Exploits0References1Affected Software8
Prion
Prion
added 2022/03/09 8:15 p.m.16 views

Authentication flaw

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

7.5CVSS9.3AI score0.1226EPSS
Exploits0References1Affected Software8
Prion
Prion
added 2022/03/09 8:15 p.m.18 views

Authentication flaw

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...

6.4CVSS9.1AI score0.05803EPSS
Exploits0References1Affected Software33
Cvelist
Cvelist
added 2022/03/09 7:30 p.m.22 views

CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SMC Series ID=1018: UPS 04.2...

9.7AI score0.1226EPSS
Exploits0References1
CVE
CVE
added 2022/03/09 7:30 p.m.137 views

CVE-2022-22806

CVE-2022-22806 describes an Authentication Bypass by Capture-replay affecting APC/Schneider Electric Smart-UPS lines. Affected products and versions (pre-fix): SMT Series <= 04.5, SMC Series <= 04.2, SMTL Series <= 02.9, SCL Series <= 02.5 (and SCL <= 03.1), SMX Series 04.5, SMC &...

9.8CVSS9.4AI score0.1226EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/09 7:30 p.m.125 views

CVE-2022-22805

CVE-2022-22805 is a TLS buffer overflow vulnerability in APC Schneider Electric Smart-UPS devices using SmartConnect TLS; impact is remote code execution via unauthenticated network packets during TLS reassembly. Affected lines include SmartConnect SMT, SMC, SMTL, SCL, SMX series (various IDs up ...

9.8CVSS9.7AI score0.11668EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/09 7:30 p.m.22 views

CVE-2022-22805

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series SMT Series ID=1015: UPS 04.5 and prior, SMC Series SM...

10AI score0.11668EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/03/09 12:0 a.m.4 views

PT-2022-1931 · Apc · Apc Smart-Ups Family +1

Name of the Vulnerable Software and Affected Versions: APC Smart-UPS Family: SMT Series versions 09.8 and prior APC Smart-UPS Family: SMT Series versions 01.2 and prior APC Smart-UPS Family: SMT Series versions 03.1 and prior APC Smart-UPS Family: SMC Series versions 14.1 and prior APC Smart-UPS...

9.4CVSS6.5AI score0.05803EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:0 a.m.7 views

CVE-2022-23161

Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service...

7.5CVSS7.1AI score0.00948EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/08/05 12:0 a.m.17 views

Dell PowerScale OneFS Denial of Service Vulnerability (CNVD-2022-32836)

Dell PowerScale OneFS is the PowerScale OneFS operating system that provides horizontal scaling NAS. A security vulnerability exists in Dell PowerScale OneFS, which can be exploited by remote attackers to prevent SmartConnect DNS responses...

5.3CVSS7AI score0.00946EPSS
Exploits0References1
NVD
NVD
added 2021/08/03 12:15 a.m.15 views

CVE-2021-21565

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses...

5.3CVSS0.00946EPSS
Exploits0References1
OSV
OSV
added 2021/08/03 12:15 a.m.4 views

CVE-2021-21565

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses...

5.3CVSS5.8AI score0.00946EPSS
Exploits0References1
Prion
Prion
added 2021/08/03 12:15 a.m.18 views

Design/Logic Flaw

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses...

5CVSS5.3AI score0.00946EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/02 11:45 p.m.17 views

CVE-2021-21565

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses...

5.3CVSS5.5AI score0.00946EPSS
Exploits0References1
Rows per page
Query Builder