343 matches found
CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...
CVE-2022-0715
CVE-2022-0715 describes an improper authentication vulnerability in Schneider Electric APC Smart-UPS devices across multiple series (SMT/SMC/SCL/SMX/SRT and SmartConnect/SMTL), where a leaked key could authorize uploading unsigned firmware, allowing an attacker to arbitrarily change UPS behavior....
Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...
New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin
A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
Cross site scripting
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...
CVE-2021-22815
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...
CVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...
CVE-2021-22814
CVE-2021-22814 describes a Cross-site Scripting (CWE-79) vulnerability in Schneider Electric NMC embedded devices (NMC2 and NMC3) that can cause arbitrary script execution when a malicious file is read and displayed. Affected products span multiple Schneider Electric lines: 1-phase and 3-phase UP...
CVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...
CVE-2021-22813
CVE-2021-22813 is a Cross‑Site Scripting (CWE-79) vulnerability affecting Schneider Electric NMC/NMC2/NMC3 devices across UPS, PDU, and related network cards. A privileged user can trigger arbitrary script execution by clicking a malicious URL referencing an edit policy file. The connected docume...
CVE-2021-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...
CVE-2021-22812
CVE-2021-22812 is a Cross-Site Scripting (CWE-79) vulnerability affecting Schneider Electric NMC/NMC2/NMC3 embedded devices and related UPS, PDU, and cooling products. Affected items include NMC2/NMC3 applications across various AP9630/9631/9635/9640/9641/9643 series and related RPDU2G, RPP, XRDP...
Mageia: Security Advisory (MGASA-2013-0216)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-9285 · Apc · Apc Rack Power Distribution Units +19
Name of the Vulnerable Software and Affected Versions: APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2 versions 6.9.8 and earlier APC Symmetra PX 250/500 SYPX Network Management Card 2 NMC2 versions 6.9.6 and earlier APC Symmetra PX 48/96/100/160 kW UPS PX2, Symmetra ...
Mageia: Security Advisory (MGASA-2015-0090)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0040)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0258)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2015-0365)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...