9.1

CVE-2022-0715

EPSS 1.25%
Published 09.03.2022 20:15:08
Last modified 21.11.2024 06:39:14
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Smt Series 1015 Ups Firmware Version <= 04.5

Schneider-electric ≫ Smt Series 1015 Ups Version-

Schneider-electric ≫ Smc Series 1018 Ups Firmware Version <= 04.2

Schneider-electric ≫ Smc Series 1018 Ups Version-

Schneider-electric ≫ Smtl Series 1026 Ups Firmware Version <= 02.9

Schneider-electric ≫ Smtl Series 1026 Ups Version-

Schneider-electric ≫ Scl Series 1029 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1029 Ups Version-

Schneider-electric ≫ Scl Series 1030 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1030 Ups Version-

Schneider-electric ≫ Scl Series 1036 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1036 Ups Version-

Schneider-electric ≫ Scl Series 1037 Ups Firmware Version <= 03.1

Schneider-electric ≫ Scl Series 1037 Ups Version-

Schneider-electric ≫ Smx Series 1031 Ups Firmware Version <= 03.1

Schneider-electric ≫ Smx Series 1031 Ups Version-

Schneider-electric ≫ Smt Series 18 Ups Firmware Version <= 09.8

Schneider-electric ≫ Smt Series 18 Ups Version-

Schneider-electric ≫ Smt Series 1040 Ups Firmware Version <= 01.2

Schneider-electric ≫ Smt Series 1040 Ups Version-

Schneider-electric ≫ Smt Series 1031 Ups Firmware Version <= 03.1

Schneider-electric ≫ Smt Series 1031 Ups Version-

Schneider-electric ≫ Smc Series 1005 Ups Firmware Version <= 14.1

Schneider-electric ≫ Smc Series 1005 Ups Version-

Schneider-electric ≫ Smc Series 1007 Ups Firmware Version <= 11.0

Schneider-electric ≫ Smc Series 1007 Ups Version-

Schneider-electric ≫ Smc Series 1041 Ups Firmware Version <= 01.1

Schneider-electric ≫ Smc Series 1041 Ups Version-

Schneider-electric ≫ Scl Series 1030 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1030 Ups Version-

Schneider-electric ≫ Scl Series 1036 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1036 Ups Version-

Schneider-electric ≫ Smx Series 20 Ups Firmware Version <= 10.2

Schneider-electric ≫ Smx Series 20 Ups Version-

Schneider-electric ≫ Smx Series 23 Ups Firmware Version <= 07.0

Schneider-electric ≫ Smx Series 23 Ups Version-

Schneider-electric ≫ Srt Series 1010 Ups Firmware Version <= 08.3

Schneider-electric ≫ Srt Series 1010 Ups Version-

Schneider-electric ≫ Srt Series 1019 Ups Firmware Version <= 08.3

Schneider-electric ≫ Srt Series 1019 Ups Version-

Schneider-electric ≫ Srt Series 1025 Ups Firmware Version <= 08.3

Schneider-electric ≫ Srt Series 1025 Ups Version-

Schneider-electric ≫ Srt Series 1020 Ups Firmware Version <= 10.4

Schneider-electric ≫ Srt Series 1020 Ups Version-

Schneider-electric ≫ Srt Series 1021 Ups Firmware Version <= 12.2

Schneider-electric ≫ Srt Series 1021 Ups Version-

Schneider-electric ≫ Srt Series 1001 Ups Firmware Version <= 05.1

Schneider-electric ≫ Srt Series 1001 Ups Version-

Schneider-electric ≫ Srt Series 1013 Ups Firmware Version <= 05.1

Schneider-electric ≫ Srt Series 1013 Ups Version-

Schneider-electric ≫ Srt Series 1002 Ups Firmware Version <= a05.2

Schneider-electric ≫ Srt Series 1002 Ups Version-

Schneider-electric ≫ Srt Series 1014 Ups Firmware Version <= a05.2

Schneider-electric ≫ Srt Series 1014 Ups Version-

Schneider-electric ≫ Srtl1000rmxli Firmware Version <= 01.0

Schneider-electric ≫ Srtl1000rmxli Version-

Schneider-electric ≫ Srtl1000rmxli-nc Firmware Version <= 01.0

Schneider-electric ≫ Srtl1000rmxli-nc Version-

Schneider-electric ≫ Srtl1500rmxli-nc Firmware Version <= 01.0

Schneider-electric ≫ Srtl1500rmxli-nc Version-

Schneider-electric ≫ Srtl1500rmxli Firmware Version <= 01.0

Schneider-electric ≫ Srtl1500rmxli Version-

Schneider-electric ≫ Srtl2200rmxli Firmware Version <= 01.0

Schneider-electric ≫ Srtl2200rmxli Version-

Schneider-electric ≫ Srtl2200rmxli-nc Firmware Version <= 01.0

Schneider-electric ≫ Srtl2200rmxli-nc Version-

Schneider-electric ≫ Srtl3000rmxli-nc Firmware Version <= 01.0

Schneider-electric ≫ Srtl3000rmxli-nc Version-

Schneider-electric ≫ Srtl3000rmxli Firmware Version <= 01.0

Schneider-electric ≫ Srtl3000rmxli Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.25%	0.784

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0715

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0715

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0715

EUVD