CVE-2022-22805:
A CWE-120 Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability affects Schneider Electric SmartConnect devices, potentially enabling remote code execution via improperly reassembled TLS packets. The affected families include SMT Series, SMC Series, SMTL Series, SCL Series, and SMX Series, with specific UPS firmware revisions noted in the advisory.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8Critical- Published Date:Mar 9, 2022
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:8.2
- EPSS Percentile:92%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:5.9
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:HIGH
Description Preview
A CWE-120 Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability affects Schneider Electric SmartConnect devices, potentially enabling remote code execution via improperly reassembled TLS packets. The affected families include SMT Series, SMC Series, SMTL Series, SCL Series, and SMX Series, with specific UPS firmware revisions noted in the advisory.
Overview
This vulnerability is a classic buffer overflow (CWE-120) in Schneider Electric’s SmartConnect line. If a TLS packet is mismanaged during reassembly, an attacker could potentially achieve remote code execution on affected devices. The affected products span multiple SmartConnect series (SMT, SMC, SMTL, SCL, and SMX) with specific series IDs and older firmware levels indicated in the advisory, making exposed devices a potential target in environments using these controllers.
Remediation
- Identify affected devices and firmware versions by consulting Schneider Electric’s advisory SEVD-2022-067-02 and your device inventory.
- Upgrade firmware on all affected SmartConnect devices (SMT Series, SMC Series, SMTL Series, SCL Series, SMX Series) to the fixed versions specified in the advisory or to the latest vendor-approved release that contains the fix.
- If an immediate upgrade is not feasible, implement compensating controls to reduce exposure: place affected devices behind network segmentation or firewalls, restrict access to management interfaces, and monitor TLS traffic for abnormal patterns related to packet reassembly.
- After upgrade or mitigation, verify device operation, confirm firmware versions, and perform any available vulnerability checks or scans. Maintain a record of patched devices and schedule follow-up reviews for new advisories.
- Stay enrolled in Schneider Electric security advisories and apply future patches promptly to prevent re-exploitation.
References
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
