A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSchneider Electric Scl Series 1029 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1029 Ups Firmware
OSSchneider-Electric≤ 02.5Schneider Electric Scl Series 1030 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1030 Ups Firmware
OSSchneider-Electric≤ 02.5Schneider Electric Scl Series 1036 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1036 Ups Firmware
OSSchneider-Electric≤ 02.5Schneider Electric Scl Series 1037 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1037 Ups Firmware
OSSchneider-Electric≤ 03.1Schneider Electric Smc Series 1018 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smc Series 1018 Ups Firmware
OSSchneider-Electric≤ 04.2Schneider Electric Smtl Series 1026 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smtl Series 1026 Ups Firmware
OSSchneider-Electric≤ 02.9Schneider Electric Smt Series 1015 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smt Series 1015 Ups Firmware
OSSchneider-Electric≤ 04.5Schneider Electric Smx Series 1031 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smx Series 1031 Ups Firmware
OSSchneider-Electric≤ 03.1
Related vulnerabilities
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the...
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that co...
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...
Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)
Ujawnienie poświadczeń w urządzeniu Schneider Electric WHC-5918A