Buffer Overflow Vulnerability in SmartConnect UPS Products by Schneider Electric
CVE-2022-22805

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 9 March 2022

Summary

Schneider Electric's SmartConnect family of UPS products contains a buffer overflow caused by improper handling of TLS packet reassembly. If exploited, it could enable remote code execution, putting systems and data at risk. The affected products include various models in the SMT, SMC, SMTL, SCL, and SMX series, particularly those running outdated firmware versions. Applying firmware updates and patches promptly is critical to mitigating this vulnerability. For more details, refer to Schneider Electric's advisory.

Affected Version(s)

SmartConnect SMT Series

SmartConnect SMC Series

SmartConnect SMTL Series

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
