Schneider-Electric Scl Series 1029 Ups Firmware vulnerabilities
3 known vulnerabilities affecting schneider-electric/scl_series_1029_ups_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3
Vulnerabilities
Page 1 of 1
CVE-2022-0715CRITICALCVSS 9.1≤ 02.52022-03-09
CVE-2022-0715 [CRITICAL] CWE-287 CVE-2022-0715: A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1
nvd
CVE-2022-22805CRITICALCVSS 9.8≤ 02.52022-03-09
CVE-2022-22805 [CRITICAL] CWE-120 CVE-2022-22805: A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exis
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Ser
nvd
CVE-2022-22806CRITICALCVSS 9.8≤ 02.52022-03-09
CVE-2022-22806 [CRITICAL] CWE-294 CVE-2022-22806: A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthen
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS
nvd