FKIE_CVE-2022-22805

Vulnerability from fkie_nvd - Published: 2022-03-09 20:15 - Updated: 2024-11-21 06:47
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
References
cybersecurity@se.comhttps://www.se.com/ww/en/download/document/SEVD-2022-067-02/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.se.com/ww/en/download/document/SEVD-2022-067-02/Vendor Advisory
Impacted products
Vendor Product Version
schneider-electric smt_series_1015_ups_firmware *
schneider-electric smt_series_1015_ups -
schneider-electric smc_series_1018_ups_firmware *
schneider-electric smc_series_1018_ups -
schneider-electric smtl_series_1026_ups_firmware *
schneider-electric smtl_series_1026_ups -
schneider-electric scl_series_1029_ups_firmware *
schneider-electric scl_series_1029_ups -
schneider-electric scl_series_1030_ups_firmware *
schneider-electric scl_series_1030_ups -
schneider-electric scl_series_1036_ups_firmware *
schneider-electric scl_series_1036_ups -
schneider-electric scl_series_1037_ups_firmware *
schneider-electric scl_series_1037_ups -
schneider-electric smx_series_1031_ups_firmware *
schneider-electric smx_series_1031_ups -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C3EA55B-DB09-4124-A9D9-A92431C38D1F",
              "versionEndIncluding": "04.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C1E3D9-606B-4C57-A4E7-0A45C9D46332",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE2D844-ED18-44D3-9E75-4BB3082E4B51",
              "versionEndIncluding": "04.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "154E788E-173C-4D16-A492-B61D39D420EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE693F05-B0A7-452D-94C6-D36E37ACF6CB",
              "versionEndIncluding": "02.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B138EB4-6264-4BFA-B4C7-4B23FFA676B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E0803A-637E-4BBA-B9D5-AB59EE122844",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4175BEC7-DA4D-4E19-A642-A5FC13D3598E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "469F9813-DE0E-4752-91EB-FECC001C6825",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DC43CB-66C0-469B-AF87-0120D6280584",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E4C951-876D-46F7-8CF4-D943464E8338",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB7E0EB-AF6D-4107-B343-50309E9DF03E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E52A522-88D4-4B6A-83B4-C56C093C7F54",
              "versionEndIncluding": "03.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C627CE-E3F8-4E3F-8B93-07C92AA21296",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6251AE4E-FFED-4B0C-A90B-A3BD852A2ED8",
              "versionEndIncluding": "03.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1E7040-8123-483C-AE62-F190D83D0ADC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027) vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad CWE-120: Copia del b\u00fafer sin comprobar el tama\u00f1o de la entrada (\u0027Desbordamiento cl\u00e1sico del b\u00fafer\u0027) que podr\u00eda causar la ejecuci\u00f3n remota de c\u00f3digo cuando se reensambla un paquete TLS mal gestionado. Producto afectado: Familia SmartConnect: Serie SMT (SMT Series ID=1015: UPS 04.5 y anteriores), Serie SMC (SMC Series ID=1018: UPS 04.2 y anteriores), Serie SMTL (SMTL Series ID=1026: UPS 02.9 y anteriores), Serie SCL (SCL Series ID=1029: UPS 02. 5 y anteriores / SCL Series ID=1030: UPS 02.5 y anteriores / SCL Series ID=1036: UPS 02.5 y anteriores / SCL Series ID=1037: UPS 03.1 y anteriores), SMX Series (SMX Series ID=1031: UPS 03.1 y anteriores)"
    }
  ],
  "id": "CVE-2022-22805",
  "lastModified": "2024-11-21T06:47:28.807",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-09T20:15:08.460",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.