CVE-2022-0715

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-0715
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.se.com/ww/en/download/document/SEVD-2022-067-02/ Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:schneider-electric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*
History

21 Jul 2023, 17:12

Type Values Removed Values Added
CWE CWE-287 CWE-345
Information

Published : 2022-03-09 20:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-0715

Mitre link : CVE-2022-0715

CVE.ORG link : CVE-2022-0715

JSON object : View

Products Affected

schneider-electric

  • smx_series_23_ups_firmware
  • scl_series_1036_ups
  • smt_series_1040_ups_firmware
  • smx_series_1031_ups
  • srtl3000rmxli-nc
  • srt_series_1021_ups_firmware
  • srt_series_1001_ups_firmware
  • smt_series_1015_ups_firmware
  • scl_series_1029_ups_firmware
  • smt_series_1031_ups_firmware
  • smx_series_20_ups
  • scl_series_1037_ups_firmware
  • smc_series_1005_ups
  • smc_series_1007_ups
  • srt_series_1019_ups
  • smc_series_1018_ups
  • srtl1000rmxli_firmware
  • srtl2200rmxli-nc_firmware
  • srt_series_1025_ups
  • smx_series_20_ups_firmware
  • scl_series_1029_ups
  • srtl3000rmxli_firmware
  • smc_series_1041_ups_firmware
  • srt_series_1014_ups_firmware
  • srt_series_1019_ups_firmware
  • srtl1000rmxli
  • smt_series_1031_ups
  • srtl1500rmxli-nc
  • srtl2200rmxli_firmware
  • srt_series_1010_ups
  • smt_series_1015_ups
  • srtl1500rmxli
  • srt_series_1002_ups_firmware
  • smt_series_18_ups
  • srtl3000rmxli
  • srtl1500rmxli-nc_firmware
  • srtl1000rmxli-nc_firmware
  • scl_series_1037_ups
  • smt_series_1040_ups
  • srt_series_1020_ups_firmware
  • srt_series_1002_ups
  • smc_series_1007_ups_firmware
  • smx_series_23_ups
  • scl_series_1036_ups_firmware
  • scl_series_1030_ups_firmware
  • smt_series_18_ups_firmware
  • smc_series_1005_ups_firmware
  • smx_series_1031_ups_firmware
  • srtl1000rmxli-nc
  • srt_series_1025_ups_firmware
  • smtl_series_1026_ups_firmware
  • smtl_series_1026_ups
  • smc_series_1018_ups_firmware
  • srt_series_1020_ups
  • srt_series_1010_ups_firmware
  • srtl2200rmxli
  • srt_series_1021_ups
  • srt_series_1014_ups
  • smc_series_1041_ups
  • srtl3000rmxli-nc_firmware
  • scl_series_1030_ups
  • srt_series_1001_ups
  • srtl2200rmxli-nc
  • srtl1500rmxli_firmware
  • srt_series_1013_ups_firmware
  • srt_series_1013_ups
CWE
CWE-345

Insufficient Verification of Data Authenticity

CWE-287

Improper Authentication