CRITICAL🇵🇱 Wersja polska

CVE-2022-22806

CVSS 9.8v3.1pub. 2022-03-09upd. 2024-11-21

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schneider Electric Scl Series 1029 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Scl Series 1029 Ups Firmware

    OS
    Schneider-Electric
    ≤ 02.5
  • Schneider Electric Scl Series 1030 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Scl Series 1030 Ups Firmware

    OS
    Schneider-Electric
    ≤ 02.5
  • Schneider Electric Scl Series 1036 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Scl Series 1036 Ups Firmware

    OS
    Schneider-Electric
    ≤ 02.5
  • Schneider Electric Scl Series 1037 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Scl Series 1037 Ups Firmware

    OS
    Schneider-Electric
    ≤ 03.1
  • Schneider Electric Smc Series 1018 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Smc Series 1018 Ups Firmware

    OS
    Schneider-Electric
    ≤ 04.2
  • Schneider Electric Smtl Series 1026 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Smtl Series 1026 Ups Firmware

    OS
    Schneider-Electric
    ≤ 02.9
  • Schneider Electric Smt Series 1015 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Smt Series 1015 Ups Firmware

    OS
    Schneider-Electric
    ≤ 04.5
  • Schneider Electric Smx Series 1031 Ups

    HW
    Schneider-Electric
    wszystkie wersje
  • Schneider Electric Smx Series 1031 Ups Firmware

    OS
    Schneider-Electric
    ≤ 03.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-0715CRITICAL9.1ten sam produkt

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the...

CVE-2022-22805CRITICAL9.8ten sam produkt

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that co...

CVE-2018-7841CRITICAL9.8⚠ KEVten sam vendor

A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...

CVE-2024-10575CRITICAL10.0PL ✓ten sam vendor

Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)

CVE-2024-6407CRITICAL9.8PL ✓ten sam vendor

Ujawnienie poświadczeń w urządzeniu Schneider Electric WHC-5918A