CVE-2022-22806

EPSS 0.21%
Published 09.03.2022 20:15:08
Last modified 21.11.2024 06:47:28
Source cybersecurity@se.com
Teams watchlist Login
Open Login

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Smt Series 1015 Ups Firmware Version <= 04.5

Schneider-electric ≫ Smt Series 1015 Ups Version-

Schneider-electric ≫ Smc Series 1018 Ups Firmware Version <= 04.2

Schneider-electric ≫ Smc Series 1018 Ups Version-

Schneider-electric ≫ Smtl Series 1026 Ups Firmware Version <= 02.9

Schneider-electric ≫ Smtl Series 1026 Ups Version-

Schneider-electric ≫ Scl Series 1029 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1029 Ups Version-

Schneider-electric ≫ Scl Series 1030 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1030 Ups Version-

Schneider-electric ≫ Scl Series 1036 Ups Firmware Version <= 02.5

Schneider-electric ≫ Scl Series 1036 Ups Version-

Schneider-electric ≫ Scl Series 1037 Ups Firmware Version <= 03.1

Schneider-electric ≫ Scl Series 1037 Ups Version-

Schneider-electric ≫ Smx Series 1031 Ups Firmware Version <= 03.1

Schneider-electric ≫ Smx Series 1031 Ups Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.43

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22806

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22806

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22806

EUVD