10 matches found
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
EUVD-2022-15790
Malicious code in bioql PyPI...
APC Smart-UPS Authentication Bypass (CVE-2022-22806)
An authentication bypass vulnerability exists in APC Smart-UPS. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Department of Energy DoE are jointly warning of attacks against internet-connected uninterruptible power supply UPS devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS...
The vulnerability of microprogrammed software in APC Smart-UPS power supply models of the SMT, SMC, SMTL, SCL, SMX series is related to errors during the authentication process. This allows a perpetrator to execute arbitrary code.
The vulnerability of microprogrammed software in APC Smart-UPS power supplies of the SMT, SMC, SMTL, SCL, and SMX series is related to errors during the authentication process. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
Authentication bypass vulnerability in several Schneider Electric products
The Schneider Electric APC Smart-UPS SMC Series, among others, is a product of Schneider Electric, a French company. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point-of-sale, routers, switches, hubs and other network devices. Schneider Electric...
Authentication flaw
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...
PT-2022-9285 · Apc · Apc Rack Power Distribution Units +19
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2 versions 6.9.8 and earlier APC Symmetra PX 250/500 SYPX Network Management Card 2 NMC2 versions 6.9.6 and earlier APC Symmetra PX 48/96/100/160 kW UPS PX2, Symmetra ...