Lucene search
+L

343 matches found

Cvelist
Cvelist
added 2022/03/09 7:30 p.m.40 views

CVE-2022-0715

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series SMT Series ID=18: UPS 09.8 and prior / SMT Series...

9.4AI score0.05802EPSS
Exploits0References1
CVE
CVE
added 2022/03/09 7:30 p.m.87 views

CVE-2022-0715

CVE-2022-0715 describes an improper authentication vulnerability in Schneider Electric APC Smart-UPS devices across multiple series (SMT/SMC/SCL/SMX/SRT and SmartConnect/SMTL), where a leaked key could authorize uploading unsigned firmware, allowing an attacker to arbitrarily change UPS behavior....

9.1CVSS9.2AI score0.05802EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2022/03/09 11:48 a.m.51 views

Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...

9.8CVSS0.9AI score0.12256EPSS
Exploits0
The Hacker News
The Hacker News
added 2022/02/15 8:52 a.m.31 views

New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin

A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding victims to pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and...

1.2AI score
Exploits0
OSV
OSV
added 2022/01/28 8:15 p.m.2 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

6.1CVSS6.5AI score0.00745EPSS
Exploits0References1
Prion
Prion
added 2022/01/28 8:15 p.m.20 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

4.3CVSS6.2AI score0.00745EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2022/01/28 8:15 p.m.16 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...

4.3CVSS6.1AI score0.00749EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.23 views

CVE-2021-22815

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2: AP9630/AP9630CH/AP9630J,...

5.5AI score0.00768EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.26 views

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

6.5AI score0.00745EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:9 p.m.54 views

CVE-2021-22814

CVE-2021-22814 describes a Cross-site Scripting (CWE-79) vulnerability in Schneider Electric NMC embedded devices (NMC2 and NMC3) that can cause arbitrary script execution when a malicious file is read and displayed. Affected products span multiple Schneider Electric lines: 1-phase and 3-phase UP...

6.1CVSS6.2AI score0.00745EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.39 views

CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...

6.4AI score0.00745EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:9 p.m.71 views

CVE-2021-22813

CVE-2021-22813 is a Cross‑Site Scripting (CWE-79) vulnerability affecting Schneider Electric NMC/NMC2/NMC3 devices across UPS, PDU, and related network cards. A privileged user can trigger arbitrary script execution by clicking a malicious URL referencing an edit policy file. The connected docume...

6.1CVSS6.1AI score0.00745EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/28 7:9 p.m.31 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

6.5AI score0.00745EPSS
Exploits0References1
CVE
CVE
added 2022/01/28 7:9 p.m.75 views

CVE-2021-22812

CVE-2021-22812 is a Cross-Site Scripting (CWE-79) vulnerability affecting Schneider Electric NMC/NMC2/NMC3 embedded devices and related UPS, PDU, and cooling products. Affected items include NMC2/NMC3 applications across various AP9630/9631/9635/9640/9641/9643 series and related RPDU2G, RPP, XRDP...

6.1CVSS6.2AI score0.00745EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2013-0216)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8AI score0.05186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/01/28 12:0 a.m.6 views

PT-2022-9285 · Apc · Apc Rack Power Distribution Units +19

Name of the Vulnerable Software and Affected Versions: APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 NMC2 versions 6.9.8 and earlier APC Symmetra PX 250/500 SYPX Network Management Card 2 NMC2 versions 6.9.6 and earlier APC Symmetra PX 48/96/100/160 kW UPS PX2, Symmetra ...

5.3CVSS5.2AI score0.00768EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.49 views

Mageia: Security Advisory (MGASA-2015-0090)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.42911EPSS
Exploits11References5
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.42 views

Mageia: Security Advisory (MGASA-2015-0040)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.3AI score0.42593EPSS
Exploits7References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.28 views

Mageia: Security Advisory (MGASA-2014-0258)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.3AI score0.20805EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.49 views

Mageia: Security Advisory (MGASA-2015-0365)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.6AI score0.46801EPSS
Exploits7References5
Rows per page
Query Builder