How severe is CVE-2022-22806?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-22806?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2022-22806

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-294

View all →

Vulnerability Description

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CVE-2017-3191

CRITICAL

CVSS:9.8(Critical)

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login p...

CWE-2942017

CVE-2017-6034

CRITICAL

CVSS:9.8(Critical)

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which m...

CWE-2942017

CVE-2018-17932

CRITICAL

CVSS:9.8(Critical)

JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the devi...

CWE-2942018

CVE-2018-19025

CRITICAL

CVSS:9.8(Critical)

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.)...

CWE-2942018

CVE-2018-7790

CRITICAL

CVSS:9.8(Critical)

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users...

CWE-2942018

CVE-2019-18226

CRITICAL

CVSS:9.8(Critical)

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a...

CWE-2942019

CVE-2022-22806

Vulnerability Description

Related Vulnerabilities

CVE-2017-3191

CVE-2017-6034

CVE-2018-17932

CVE-2018-19025

CVE-2018-7790

CVE-2019-18226