24 March 2022
Critical vulnerability TLStorm

Subject: CVE-2022-22805 – (CVSS 9.0) TLS buffer overflow, CVE-2022-22806 – (CVSS 9.0) TLS authentication bypass, CVE-2022-0715 – (CVSS 8.9) Unsigned firmware upgrade that can be updated over the network (RCE). 

CVE-2022-22805 – (CVSS 9.0) TLS buffer overflow: A memory corruption bug in packet reassembly (RCE). 

CVE-2022-22806 – (CVSS 9.0) TLS authentication bypass: A state confusion in the TLS handshake leads to an authentication bypass, which in turn allows remote code execution (RCE) through a network firmware upgrade.

CVE-2022-0715 – (CVSS 8.9) Unsigned firmware upgrade that can be updated over the network (RCE). 

Firmware versions 2.xx and 3.xx, available for the Netman 204, are not affected by CVE-2022-22805, CVE-2022-22806 or CVE-2022-0715.

Riello UPS assures its customers that none of the listed vulnerabilities affects the Netman 204 network card or any of its UPS products.

 
