PT-2022-1800 · Unknown · Smartconnect Family Scl Series
Published: 2022-03-08 · Updated: 2022-05-12
CVE-2022-22805
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SmartConnect Family SMT Series versions UPS 04.5 and prior
SmartConnect Family SMC Series versions UPS 04.2 and prior
SmartConnect Family SMTL Series versions UPS 02.9 and prior
SmartConnect Family SCL Series versions UPS 02.5 and prior
SmartConnect Family SCL Series versions UPS 03.1 and prior
SmartConnect Family SMX Series versions UPS 03.1 and prior
Description
A Buffer Copy without Checking Size of Input vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. This issue is related to errors in processing TLS packets and can allow a remote attacker to execute arbitrary code.
Recommendations
For SmartConnect Family SMT Series versions UPS 04.5 and prior, update to a version later than UPS 04.5.
For SmartConnect Family SMC Series versions UPS 04.2 and prior, update to a version later than UPS 04.2.
For SmartConnect Family SMTL Series versions UPS 02.9 and prior, update to a version later than UPS 02.9.
For SmartConnect Family SCL Series versions UPS 02.5 and prior, update to a version later than UPS 02.5.
For SmartConnect Family SCL Series versions UPS 03.1 and prior, update to a version later than UPS 03.1.
For SmartConnect Family SMX Series versions UPS 03.1 and prior, update to a version later than UPS 03.1.
As a temporary workaround, consider restricting access to TLS packet handling until a patch is available.
Fix
Buffer Overflow
Affected Products
Smartconnect Family Scl Series