Schneider Electric多款产品缓冲区溢出漏洞
Schneider Electric APC Smart-UPS SMC Series等都是法国施耐德电气(Schneider Electric)公司的产品。Schneider Electric APC Smart-UPS SMC Series是一款适用于单台服务器、低功耗网络和销售点(POS) 设备的入门级UPS。Schneider Electric APC Smart-UPS SMT Series是一款服务器、销售点、路由器、交换机、集线器和其他网络设备的线路交互式电源保护。Schneider Electric APC Smart-UPS SMX Series是一款智能高效网络电源保护。
一、漏洞分析
公开日期:2022-03-12
漏洞编号:CNVD-2022-18773/CVE-2022-22805
危害等级:高危
漏洞描述:Schneider Electric多款产品存在缓冲区溢出漏洞,攻击者可利用该漏洞导致远程代码执行。
二、漏洞影响产品
Schneider Electric SMT Series ID=1015 <=UPS 04.5
Schneider Electric SMC Series ID=1018 <=UPS 04.2
Schneider Electric SMTL Series ID=1026 <=UPS 02.9
Schneider Electric SCL Series ID=1030 <=UPS 02.5
Schneider Electric SCL Series ID=1036 <=UPS 02.5
Schneider Electric SCL Series ID=1029 <=UPS 02.5
Schneider Electric SCL Series ID=1037 <=UPS 03.1
Schneider Electric SMX Series ID=1031 <=UPS 03.1
三、漏洞处置建议
厂商已发布了漏洞修复程序,请及时关注更新:
https://download.schneider-electric.com/files?p_File_Name=SEVD-2022-067-02_Smart-UPS_Security_Notification_CN.pdf
