Multiple vulnerabilities in APC Smart-UPS devices



Published: 2022-03-09 | Updated: 2022-03-15
Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2022-22805, CVE-2022-22806, CVE-2022-0715
CWE-ID: CWE-119, CWE-287, CWE-310
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
SMT Series (Hardware solutions / Firmware)
SMC Series (Hardware solutions / Firmware)
SMTL Series (Hardware solutions / Firmware)
SCL Series (Hardware solutions / Firmware)
SMX Series (Hardware solutions / Firmware)
SRT Series (Hardware solutions / Firmware)

Vendor: APC

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

Updated: 15.03.2022

The previous report of in-the-wild exploitation of these vulnerabilities appears to be false. Therefore, the vulnerability descriptions and CVSS scores were updated, and the risk level was changed from Critical to High for all vulnerabilities in this security bulletin.

1) Buffer overflow

EUVDB-ID: #VU61209

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22805

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within TLS in the SmartConnect feature. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SMT Series: 04.5

SMC Series: 04.2

SMTL Series: 02.9

SCL Series: 02.5 - 03.1

SMX Series: 03.1

External links

http://www.armis.com/research/tlstorm/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU61212

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22806

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to a state confusion in the TLS handshake. A remote attacker can bypass the authentication process and execute arbitrary code using a network firmware upgrade.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SMT Series: 04.5

SMC Series: 04.2

SMTL Series: 02.9

SCL Series: 02.5 - 03.1

SMX Series: 03.1

External links

http://www.armis.com/research/tlstorm/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Cryptographic issues

EUVDB-ID: #VU61213

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0715

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a flaw in the firmware upgrade mechanisms. A remote attacker can perform an unsigned firmware upgrade and execute arbitrary code on the system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SMT Series: 01.2 - 09.8

SMC Series: 01.1 - 14.1

SMTL Series: 02.9

SCL Series: 02.5 - 03.1

SMX Series: 03.1 - 10.2

SRT Series: 01.0 - 12.2

External links

http://www.armis.com/research/tlstorm/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


