Versio.io

CVE-2022-0715

Common vulnerabilities & exposures (CVE)

 
Published at: 09-03-2022 09:15
Last modified: 13-05-2022 02:58
Total changes: 4

Description

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
Base score: 9.1
Exploitability score: 3.9
Impact score: 5.2
 

Verification logic

OR
AND
OR
vendor=schneider-electric AND product=smt_series_1015_ups_firmware AND versionEndIncluding=04.5
OR
vendor=schneider-electric AND product=smt_series_1015_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smc_series_1018_ups_firmware AND versionEndIncluding=04.2
OR
vendor=schneider-electric AND product=smc_series_1018_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smtl_series_1026_ups_firmware AND versionEndIncluding=02.9
OR
vendor=schneider-electric AND product=smtl_series_1026_ups AND version=-
AND
OR
vendor=schneider-electric AND product=scl_series_1029_ups_firmware AND versionEndIncluding=02.5
OR
vendor=schneider-electric AND product=scl_series_1029_ups AND version=-
AND
OR
vendor=schneider-electric AND product=scl_series_1030_ups_firmware AND versionEndIncluding=02.5
OR
vendor=schneider-electric AND product=scl_series_1030_ups AND version=-
AND
OR
vendor=schneider-electric AND product=scl_series_1036_ups_firmware AND versionEndIncluding=02.5
OR
vendor=schneider-electric AND product=scl_series_1036_ups AND version=-
AND
OR
vendor=schneider-electric AND product=scl_series_1037_ups_firmware AND versionEndIncluding=03.1
OR
vendor=schneider-electric AND product=scl_series_1037_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smx_series_1031_ups_firmware AND versionEndIncluding=03.1
OR
vendor=schneider-electric AND product=smx_series_1031_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smt_series_18_ups_firmware AND versionEndIncluding=09.8
OR
vendor=schneider-electric AND product=smt_series_18_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smt_series_1040_ups_firmware AND versionEndIncluding=01.2
OR
vendor=schneider-electric AND product=smt_series_1040_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smt_series_1031_ups_firmware AND versionEndIncluding=03.1
OR
vendor=schneider-electric AND product=smt_series_1031_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smc_series_1005_ups_firmware AND versionEndIncluding=14.1
OR
vendor=schneider-electric AND product=smc_series_1005_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smc_series_1007_ups_firmware AND versionEndIncluding=11.0
OR
vendor=schneider-electric AND product=smc_series_1007_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smc_series_1041_ups_firmware AND versionEndIncluding=01.1
OR
vendor=schneider-electric AND product=smc_series_1041_ups AND version=-
AND
OR
vendor=schneider-electric AND product=scl_series_1030_ups_firmware AND versionEndIncluding=02.5
OR
vendor=schneider-electric AND product=scl_series_1030_ups AND version=-
AND
OR
vendor=schneider-electric AND product=scl_series_1036_ups_firmware AND versionEndIncluding=02.5
OR
vendor=schneider-electric AND product=scl_series_1036_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smx_series_20_ups_firmware AND versionEndIncluding=10.2
OR
vendor=schneider-electric AND product=smx_series_20_ups AND version=-
AND
OR
vendor=schneider-electric AND product=smx_series_23_ups_firmware AND versionEndIncluding=07.0
OR
vendor=schneider-electric AND product=smx_series_23_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1010_ups_firmware AND versionEndIncluding=08.3
OR
vendor=schneider-electric AND product=srt_series_1010_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1019_ups_firmware AND versionEndIncluding=08.3
OR
vendor=schneider-electric AND product=srt_series_1019_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1025_ups_firmware AND versionEndIncluding=08.3
OR
vendor=schneider-electric AND product=srt_series_1025_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1020_ups_firmware AND versionEndIncluding=10.4
OR
vendor=schneider-electric AND product=srt_series_1020_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1021_ups_firmware AND versionEndIncluding=12.2
OR
vendor=schneider-electric AND product=srt_series_1021_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1001_ups_firmware AND versionEndIncluding=05.1
OR
vendor=schneider-electric AND product=srt_series_1001_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1013_ups_firmware AND versionEndIncluding=05.1
OR
vendor=schneider-electric AND product=srt_series_1013_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1002_ups_firmware AND versionEndIncluding=a05.2
OR
vendor=schneider-electric AND product=srt_series_1002_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srt_series_1014_ups_firmware AND versionEndIncluding=a05.2
OR
vendor=schneider-electric AND product=srt_series_1014_ups AND version=-
AND
OR
vendor=schneider-electric AND product=srtl1000rmxli_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl1000rmxli AND version=-
AND
OR
vendor=schneider-electric AND product=srtl1000rmxli-nc_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl1000rmxli-nc AND version=-
AND
OR
vendor=schneider-electric AND product=srtl1500rmxli-nc_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl1500rmxli-nc AND version=-
AND
OR
vendor=schneider-electric AND product=srtl1500rmxli_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl1500rmxli AND version=-
AND
OR
vendor=schneider-electric AND product=srtl2200rmxli_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl2200rmxli AND version=-
AND
OR
vendor=schneider-electric AND product=srtl2200rmxli-nc_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl2200rmxli-nc AND version=-
AND
OR
vendor=schneider-electric AND product=srtl3000rmxli-nc_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl3000rmxli-nc AND version=-
AND
OR
vendor=schneider-electric AND product=srtl3000rmxli_firmware AND versionEndIncluding=01.0
OR
vendor=schneider-electric AND product=srtl3000rmxli AND version=-
 
